Security News > 2021 > July > SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
SolarWinds has issued a hotfix for a zero-day remote code execution vulnerability already under active, yet limited, attack on some of the company's customers.
Though the current threat appears to be from a sole actor and "Involves a limited, targeted set of customers," SolarWinds wanted to remedy the situation before it could escalate, the company said.
SolarWinds does not currently know many customers may be directly affected by the flaw, nor has it identified the ones who were targeted.
SolarWinds likely still has fresh memories of a global supply-chain attack targeting the company's technology that was discovered late last year and stretched well into 2021.
Specifically, attackers installed the Sunburst/Solorigate backdoor inside SolarWinds.
SolarWinds stressed in its advisory that the latest vulnerability is not related to that previous scenario - which cost the company $3.5 million in investigation and remediation expenses - in any way.
News URL
https://threatpost.com/solarwinds-hotfix-zero-day-active-attack/167704/
Related news
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)
- 7-Zip MotW bypass exploited in zero-day attacks against Ukraine (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)