A critical vulnerability (CVE-2024-28989) in SolarWinds’ Web Help Desk software allowed attackers to decrypt sensitive credentials due to weaknesses in AES-GCM implementation, including static encryption keys and nonce reuse. Patched in version 12.8.5, the flaw enabled practical decryption even without direct access. Organizations are urged to upgrade, restrict backup access, and implement robust key management practices.

When loading a model means loading an attacker
You probably think twice before downloading a random app or opening an unfamiliar email attachment. But how often do you stop to consider what happens