Weekly Cyber Briefing 02.02.2026

Weekly Cyber Update: 02 February 2026

SolarWinds critical CVEs could spell trouble for businesses; Moltbot goes viral, but could imperil corporate data; Malicious open-source packages more widespread than ever; Ivanti zero days exploited in the wild; WhatsApp’s ‘Strict Account Settings’ could protect at-risk execs

The Cyber Threat Intelligence Briefing is a weekly round-up of the latest cybersecurity news, trends and indicators, curated by our CISO, Nick Harris. Here’s our pick of the top stories, and why you should care.


SolarWinds critical CVEs could spell trouble for businesses

SolarWinds has released an update to its popular Web Help Desk IT help desk software to address four critical vulnerabilities rated at CVSS 9.8. CVE-2025-40552 and CVE-2025-40554 are authentication-bypass security flaws that could allow unauthenticated attackers to gain admin-level access to the help desk system through low-complexity attacks. CVE-2025-40553 and CVE-2025-40551 are untrusted data deserialisation vulnerabilities that allow unauthenticated actors to execute commands on the host machine.

Why it matters:

If chained, exploitation of these CVEs could allow remote adversaries to gain complete control of the system, using it as a starting point for lateral movement, data theft, and ransomware. Experts warn that in-the-wild exploitation is likely.

Assured’s recommended action:

Upgrade vulnerable servers to Web Help Desk 2026.1 as soon as possible according to SolarWinds’ instructions.


Moltbot goes viral, but could imperil corporate data

A new open-source AI personal assistant could put sensitive enterprise information at risk, security experts warn. Moltbot (formerly Clawdbot) is an AI agent that can run locally on user devices and requires access to users’ accounts and credentials to function as intended. However, if misconfigured, it may allow unauthenticated access via the internet. There’s also a risk of indirect prompt injection if an attacker sends a message for the bot to read. And malicious plugins known as “skills” could be uploaded to (and unwittingly downloaded from) the Moltbot library.

Why it matters:

The bot stores a wealth of sensitive information, including API keys, session tokens and plaintext credentials. It could also provide access to conversations on messaging apps. That makes it an attractive target. If installed by a user on a work machine, it could expose corporate secrets and sensitive data to remote attackers.

Assured’s recommended action:

CISOs should consider updating policies/comms to request employees don’t download the bot onto work devices. If permitted, encourage users to run the AI in a virtual machine (rather than directly on the host) and to configure firewall rules for internet access.


Malicious open-source packages more widespread than ever

New research from Sonatype reveals a 75% annual increase in malicious open source packages across npm, PyPI, Maven Central, NuGet, and Hugging Face. It warned that campaigns are becoming “industrialised”, adding that AI development assistants often fail to verify provenance, policy, or known-malicious indicators.

Why it matters:

Open source downloads reached an estimated 9.8 trillion last year, up 67%. If your teams download buggy or malicious packages, it can create technical debt, legal liability, and the risk of compromise.

Assured’s recommended action:

Consider isolating developer infrastructure (i.e., via VDI) to contain potential breaches. Enforce automated scanning of packages – e.g. via Software Composition Analysis (SCA) tools.


Ivanti zero days exploited in the wild

Ivanti has revealed two critical vulnerabilities in its Ivanti Endpoint Manager Mobile (EPMM) that are being actively exploited. With a CVSS score of 9.8, these code injection flaws allow remote attackers to execute arbitrary code on EPMM appliances without authentication.

Why it matters:

As an edge device, compromise of EPMM could give attackers a foothold from which to move laterally into the corporate network. The EPMM devices also contain sensitive information (user and admin names, email and IP addresses, mobile phone numbers, etc.).

Assured’s recommended action:

Apply the patch immediately per Ivanti’s instructions. Ivanti says there’s no downtime required or “functional impact” from doing so.


WhatsApp’s ‘Strict Account Settings’ could protect at-risk execs

WhatsApp has introduced a new Strict Account Settings feature designed to reduce the risk of device compromise. Akin to Apple’s “lockdown mode”, it limits the app’s functionality in order to improve security. Key features include blocking attachments from unknown senders, silencing calls from unknown callers, disabling link previews, and mandating 2FA.

Why it matters:

The feature might insulate high-profile executives from being targeted by commercial spyware delivered by zero-day exploits.

Assured’s recommended action:

The feature will be overkill for most users, so carefully consider which executives may be at risk of spyware. First, analyse data on their usage patterns and any historic targeting by threat actors. Then evaluate the tool’s potential impact on the workflow before deciding whether to deploy it.
