VulnHub

Real-time Cybersecurity News

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

Security Affairs
Actively Exploited
SolarWindsVulnerability

Overview

Huntress has reported an ongoing attack exploiting vulnerabilities in SolarWinds Web Help Desk software. Attackers are targeting unpatched versions of this tool to execute remote code, which allows them to install Zoho ManageEngine software for persistent access and Velociraptor for control over compromised systems. This incident was confirmed on February 7, 2026, and it raises significant concerns for organizations that rely on SolarWinds products, as it highlights the risks associated with unaddressed software vulnerabilities. Companies using this software should prioritize patching to safeguard against these exploits and prevent unauthorized access to their systems.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: SolarWinds Web Help Desk, Zoho ManageEngine, Velociraptor
  • Action Required: Organizations should update to the latest patched versions of SolarWinds Web Help Desk to mitigate these vulnerabilities.
  • Timeline: Ongoing since February 7, 2026

Original Article Summary

Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare […]

Impact

SolarWinds Web Help Desk, Zoho ManageEngine, Velociraptor

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since February 7, 2026

Remediation

Organizations should update to the latest patched versions of SolarWinds Web Help Desk to mitigate these vulnerabilities.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to SolarWinds, Vulnerability.

Read Original Article

Related Coverage

Hackers Deliver Global Group Ransomware Offline via Phishing Emails

Hackread – Cybersecurity News, Data Breaches, AI and More

A new strain of ransomware known as Global Group is being distributed through phishing emails. This malware is particularly concerning because it can encrypt files without requiring an internet connection, meaning that even offline systems are at risk. Organizations and individuals who fall victim to these phishing attacks could face significant data loss and operational disruptions. Cybersecurity experts warn that the ease of delivery via email makes this a widespread threat that could affect various sectors. Users are advised to be cautious with unsolicited emails and to implement robust security measures to protect against potential attacks.

Feb 9, 2026

TeamPCP Turns Cloud Infrastructure into Crime Bots

darkreading

A group known as TeamPCP has been targeting cloud infrastructures with automated attacks that resemble worm-like behavior. These attacks exploit exposed services and interfaces, allowing the attackers to compromise cloud environments on a large scale. Organizations using cloud services need to be particularly vigilant, as these automated attacks can lead to significant data breaches and operational disruptions. The scale of these attacks poses a serious risk to businesses that may not have adequate security measures in place to protect their cloud environments. Companies are urged to strengthen their defenses against these types of vulnerabilities to prevent falling victim to such automated threats.

Feb 9, 2026

Hackers exploit SolarWinds WHD flaws to deploy DFIR tool in attacks

BleepingComputer

Hackers are exploiting vulnerabilities in SolarWinds Web Help Desk (WHD) to gain unauthorized access to systems. This allows them to execute code on affected machines, deploying legitimate forensic tools like Velociraptor to maintain persistence and enable remote control. Organizations using SolarWinds WHD should be particularly vigilant, as these vulnerabilities can lead to serious security breaches. The situation underscores the need for companies to regularly update and patch their systems to protect against such attacks. Users of the software must act quickly to ensure their environments are secure.

Feb 9, 2026

Hackers breach SmarterTools network using flaw in its own software

BleepingComputer

SmarterTools has reported that its network was breached by the Warlock ransomware gang, which gained access through a vulnerability in the company's email system. Fortunately, this incident did not compromise any business applications or account data, meaning that sensitive user information remains secure. However, the breach raises concerns about the security of email systems and the potential for ransomware attacks targeting software vulnerabilities. Organizations using SmarterTools should review their email security practices and ensure they are employing appropriate safeguards against such threats. This incident serves as a reminder that even established software can have weaknesses that attackers might exploit.

Feb 9, 2026

Cyber Attack Hits European Commission Staff Mobile Systems

Hackread – Cybersecurity News, Data Breaches, AI and More

The European Commission has reported a cyber attack on its mobile infrastructure, which potentially exposed the names and phone numbers of its staff members. This breach raises concerns about the security of sensitive personal information within a major governmental body. Such incidents can lead to targeted phishing attacks and further exploitation of the compromised data. The European Commission has not disclosed specific details about how the attack occurred or whether it has affected other systems. The revelation serves as a reminder of the ongoing risks faced by public institutions in safeguarding their digital assets.

Feb 9, 2026

Two Connecticut Men Charged In Alleged $3m Gambling Fraud Scheme

Infosecurity Magazine

Two men from Connecticut have been charged with a federal crime for allegedly running a fraudulent scheme that targeted online gambling platforms, swindling approximately $3 million. The accused reportedly used sophisticated techniques to manipulate betting systems, allowing them to place bets without the necessary funds. This case raises concerns about the security measures employed by online gambling sites and highlights the vulnerabilities that can be exploited by fraudsters. The investigation into their activities suggests that such schemes could undermine the integrity of online gaming, affecting both the platforms and their users. Law enforcement is taking this case seriously, as it not only involves financial loss but also potential impacts on the reputation and trustworthiness of online gambling environments.

Feb 9, 2026