A critical vulnerability (CVE-2024-28989) in SolarWinds’ Web Help Desk software allowed attackers to decrypt sensitive credentials due to weaknesses in AES-GCM implementation, including static encryption keys and nonce reuse. Patched in version 12.8.5, the flaw enabled practical decryption even without direct access. Organizations are urged to upgrade, restrict backup access, and implement robust key management practices.
AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks – Unit 42
AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks Unit 42
