An undisclosed organization
January 16, 2026
•[ vulnerability exploitation, command-and-control, persistence ]
BleepingComputer reported that threat actors exploited critical SolarWinds Web Help Desk (WHD) vulnerabilities (including CVE-2025-40551 and CVE-2025-26399) in a campaign believed to have started around January 16, 2026, targeting at least three organizations. Attackers used the access to deploy legitimate tools (Zoho ManageEngine Assist, Cloudflare tunnels, Velociraptor) for persistence and command-and-control.