TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Attackers exploited SolarWinds Web Help Desk vulnerabilities in December 2025 to breach IT environments, steal high-privilege credentials, and establish persistence using legitimate tools like Zoho ManageEngine. Microsoft researchers cannot confirm which specific CVE was exploited—CVE-2025-40551, CVE-2025-40536, or CVE-2025-26399—since affected systems were vulnerable to multiple flaws simultaneously. The attackers used living-off-the-land techniques including PowerShell, BITS for payload delivery, DLL sideloading for credential theft, and DCSync attacks against domain controllers. Organizations should immediately patch WHD instances, remove public admin access, scan for unauthorized RMM tools, and rotate credentials.

Someone's attacking SolarWinds WHD - but which bug?