Tag

Solarwinds

4 briefs RSS

Suspicious SolarWinds Web Help Desk Java Module Load or Child Process

Detects suspicious behavior related to SolarWinds Web Help Desk, specifically the loading of untrusted native modules (DLLs) or the spawning of suspicious child processes (cmd, PowerShell, rundll32) by the Java process, potentially indicating exploitation of deserialization vulnerabilities CVE-2025-40536 and CVE-2025-40551.

Web Help Desk solarwinds webhelpdesk deserialization cve-2025-40536 cve-2025-40551 remote code execution initial access

2r 1t 2c May 12, 2026

critical advisory

Critical Vulnerabilities in SolarWinds Serv-U Allow Remote Code Execution

2 rules 3 TTPs

Multiple critical vulnerabilities in SolarWinds Serv-U MFT and FTP Server allow remote code execution, potentially leading to system compromise.

solarwinds serv-u rce vulnerability

2r 3t Feb 26, 2026

medium advisory

Suspicious SolarWinds Child Process Execution

2 rules 2 TTPs

Detection of unusual child processes spawned by SolarWinds processes may indicate malicious program execution, potentially bypassing security controls.

Elastic Defend +3 supply-chain execution solarwinds

2r 2t Jan 3, 2024

medium advisory

SolarWinds Process Disabling Services via Registry Modification

2 rules 3 TTPs

A SolarWinds binary is modifying the start type of a service to be disabled via registry modification, potentially to disable or impair security services.

Microsoft Defender XDR +1 solarwinds defense-evasion registry-modification supply-chain

2r 3t Jan 3, 2024