In this week’s Security Advisory:
- **Updated** SolarWinds Warns of Critical Web Help Desk RCE
- WatchGuard patches Firebox LDAP Injection Vulnerability
- Palo Alto Patches DoS Vulnerability in GlobalProtect Gateway and Portal
- Notepad++ Update Feature was Hijacked by State Actors
- SandBox Escape Vulnerabilities Lead to n8n RCE Attacks
**Updated** SolarWinds Warns of Critical Web Help Desk RCE
It has been confirmed that this vulnerability has been exploited in the wild. If you have not yet applied the latest patches, it is recommended that you do so as soon as possible.
More Reading / Information
Original Advisory:
SolarWinds has issued security updates addressing critical vulnerabilities in its Web Help Desk platform, including flaws that allowed authentication bypass and remote code execution. The authentication bypass security flaws are being tracked as CVE-2025-40552 (CVSS 9.8/10) and CVE-2025-40554 (CVSS 9.8/10). Successful exploitation of these vulnerabilities could allow an actor to execute code. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.
Affected Versions
- SolarWinds Web Help Desk versions before 2026.1.
Recommendations
- Upgrade to Web Help Desk Version 2026.1.
More Reading / Information
- https://www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/
- https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm
WatchGuard patches Firebox LDAP Injection Vulnerability
WatchGuard has patched a new, high-severity vulnerability in its Fireware OS. The vulnerability, CVE-2026-1498 (CVSS 7/10), can allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server. This is achieved through an exposed authentication or management web interface.
Affected Versions
- Fireware OS 12.0 through 12.11.6.
- Fireware 2025.1 through 2025.1.4.
Recommendations
- Upgrade Fireware OS 12.x versions to 12.11.7.
- Upgrade Fireware 2025.x versions to 2026.1.
- Upgrade Fireware OS 12.5.x (T15 & T35 models) to 12.5.16.
- Always restrict access to trusted IP addresses.
More Reading / Information
- https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001
- https://nvd.nist.gov/vuln/detail/CVE-2026-1498
Palo Alto Patches DoS Vulnerability in GlobalProtect Gateway and Portal
Palo Alto has patched a new vulnerability in its PAN-OS software. The vulnerability, CVE-2026-0227 (CVSS 7.7/10), can allow an unauthenticated attacker to trigger a denial of service (DoS) on the firewall. Repeated attempts of this attack can cause the firewall to enter maintenance mode.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Apply the latest patches.
More Reading / Information
Notepad++ Update Feature was Hijacked by State Actors
Starting in June 2025, Notepad++’s hosting provider was compromised, and traffic from certain targeted users was selectively redirected to attacker-controlled malicious update manifests. Subsequent analysis indicated that a covert backdoor was installed on victim machines.
The shared hosting server was compromised until September 2, 2025; however, attackers maintained credentials to internal services until December 2, 2025, which allowed them to continue redirecting Notepad++ update traffic to malicious servers. Notepad++ has applied new security enhancements in its latest version and stated that it plans to enforce mandatory certificate signature verification in its next update.
Affected Versions
- Potentially all prior versions.
Recommendations
- Review potentially impacted endpoints for indicators of compromise; details are linked below.
- Upgrade to Notepad++ v8.9.1.
More Reading / Information
- https://notepad-plus-plus.org/news/hijacked-incident-info-update/
- https://github.com/CreamyG31337/chrysalis-ioc-triage
- https://www.bleepingcomputer.com/news/security/notepad-plus-plus-update-feature-hijacked-by-chinese-state-hackers-for-months/
SandBox Escape Vulnerabilities Lead to n8n RCE Attacks
Two vulnerabilities were discovered in the n8n workflow automation platform. The first vulnerability, CVE-2026-1470 (CVSS 9.9/10), impacts the expression evaluation engine and could allow attackers to execute arbitrary JavaScript code. The second vulnerability, CVE-2026-0863 (CVSS 8.5/10), affects the Python execution in the code’s “Internal” mode. In this configuration, the code is executed as a process on the main node, which could allow an authenticated attacker to exploit the vulnerabilities.
Affected Versions
- CVE-2026-1470 – all n8n versions prior to 1.123.17, 2.4.5, or 2.5.1.
- CVE-2026-0863 – all n8n versions prior to 1.123.14, 2.3.5, or 2.4.2.
Recommendations
- CVE-2026-1470 – n8n users should upgrade to version 1.123.17, 2.4.5, or 2.5.1.
- CVE-2026-0863 – n8n users should upgrade to version 1.123.14, 2.3.5, or 2.4.2.
More Reading / Information
- https://www.bleepingcomputer.com/news/security/new-sandbox-escape-flaw-exposes-n8n-instances-to-rce-attacks/
- https://research.jfrog.com/post/achieving-remote-code-execution-on-n8n-via-sandbox-escape/#who-is-vulnerable-to-cve-2026-1470–cve-2026-0863
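The two n8n CVEs above are fixed at different versions on each release line, so an installation can be patched for one and still exposed to the other. The following Python sketch is an added example (not code from n8n, JFrog, or the original advisory) that triages version strings against the fixed releases listed above; treating major.minor as a release line, the function names, and the sample inventory are assumptions.

```python
# Added example: triage n8n versions against the fixed releases in this advisory.
# Assumption: a "release line" is major.minor; the advisory only lists fixed versions.
# Versions on a line with no listed fix, and below the newest fix, count as affected.

FIXED = {
    "CVE-2026-1470": ["1.123.17", "2.4.5", "2.5.1"],
    "CVE-2026-0863": ["1.123.14", "2.3.5", "2.4.2"],
}


def parse(version):
    """Turn '2.4.5' (or 'v2.4.5') into (2, 4, 5); reject anything else."""
    parts = version.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version, fixed_versions):
    """True only if the version is at or above a fix that applies to it."""
    v = parse(version)
    fixes = sorted(parse(f) for f in fixed_versions)
    if v >= fixes[-1]:
        # At or past the newest fixed release.
        return True
    # Otherwise the fix must be on the same major.minor line.
    return any(f[:2] == v[:2] and v >= f for f in fixes)


def triage(version):
    """Return the CVEs from this advisory that are still open for a version."""
    return sorted(cve for cve, fixes in FIXED.items()
                  if not is_patched(version, fixes))


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are illustrative.
    inventory = {"automation-01": "1.123.15", "automation-02": "2.4.3",
                 "automation-03": "2.5.1", "lab-n8n": "2.3.4"}
    for host, ver in inventory.items():
        still_open = triage(ver)
        print(f"{host:14} n8n {ver:9} "
              f"{'OPEN: ' + ', '.join(still_open) if still_open else 'patched'}")
```

Pre-release or otherwise non-numeric version strings raise `ValueError` so they are reviewed by hand rather than silently classified.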
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is a security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.