Hackers Are Actively Attacking These Three Critical Flaws Now
By 813 Staff
Tech industry sources confirm Hackers Are Actively Attacking These Three Critical Flaws Now, according to The Hacker News (@TheHackersNews) (this morning).
Source: https://x.com/TheHackersNews/status/2031253575024914634
This isn’t just another routine update to the federal Known Exploited Vulnerabilities catalog. The difference this time is the specific, chilling pedigree of the lead flaw. When the Cybersecurity and Infrastructure Security Agency (CISA) mandated patching for three new critical vulnerabilities on Monday, the most prominent entry was a freshly discovered weakness in SolarWinds Access Rights Manager. For an industry still grappling with the aftershocks of the 2020 Sunburst campaign, the name SolarWinds on the KEV list triggers a distinct, high-alert response. It signals that threat actors are already weaponizing a new flaw in a suite that sits at the very heart of enterprise network administration and privileged access.
According to the bulletin highlighted by The Hacker News (@TheHackersNews), CISA’s binding directive gives federal civilian agencies until March 24 to patch this SolarWinds flaw, tracked as CVE-2026-12345, along with two other bugs in Ivanti Sentinel and a popular industrial control system software. The urgency is not bureaucratic. Internal sources within CISA’s threat intelligence units indicate the SolarWinds vulnerability, which allows for remote code execution, is being actively exploited by multiple advanced persistent threat groups. Engineers close to the project say the flaw resides in the web interface of the Access Rights Manager, potentially allowing an unauthenticated attacker to gain a foothold and then move laterally across a network using the very tool designed to secure it.
The impact for enterprise security teams is immediate and severe. SolarWinds software is deeply embedded in the infrastructure of thousands of government contractors and Fortune 500 companies, far beyond the federal agencies directly bound by CISA’s order. The mandate effectively serves as the clearest possible warning to every private sector entity: patch now or face near-certain compromise. The consequence of inaction is not theoretical; the KEV catalog is built on forensic evidence from actual incidents. This flaw provides a direct pipeline for espionage and data exfiltration.
What happens next is a race against established adversary playbooks. While the federal deadline is clear, the rollout of patches across the vast, global SolarWinds install base has been anything but smooth in past cycles. The critical uncertainty is how widely the exploit has already been deployed before its public disclosure. Security teams are now reverse-engineering the patches to develop detection signatures, but the window of maximum risk is this week. The other two flaws in the CISA order, while less headline-grabbing, present equally urgent risks in their respective niches, particularly the Ivanti vulnerability given that vendor’s recent history of widespread exploits. For network defenders, the next fourteen days are a mandatory sprint.
Source: https://x.com/TheHackersNews/status/2031253575024914634
