Google Chrome Patching 3 High Security Flaws Highlights Browser Security
Google Chrome emergency security update tracked as CVE-2026-2441; Highlights Browser Security
Continue ReadingMonth: February 2026
SolarWinds Serv-U15.5.4 Rocked by Critical RCE Vulnerabilities; Patch Now
Summary : SolarWinds has fixed four critical vulnerabilities in its popular Serv-U file transfer solution, which is used by businesses and organizations of all sizes. vulnerabilities impact SolarWinds Serv-U Managed File Transfer, a platform frequently deployed as an internet-facing FTP/FTPS/SFTP gateway or as an internal file exchange service handling sensitive data.
| OEM | SolarWinds |
| Severity | Critical |
| CVSS Score | 9.1 |
| CVEs | CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
SolarWinds stated that there are no confirmed reports of active exploitation at this time. However, given previous Serv-U vulnerabilities were exploited by advanced threat actors.
SolarWinds Serv-U
is a secure file transfer server used by organizations to manage FTP, FTPS, SFTP, and HTTP/S file transfers across enterprise environments. It is commonly deployed on Windows and Linux servers to securely exchange sensitive business data.
SolarWinds fixed four critical remote code execution vulnerabilities in Serv-U 15.5. These vulnerabilities could allow an attacker with administrative privileges to execute arbitrary native code as root on the affected server.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score | Fixed Version |
| Broken Access Control Remote Code Execution Vulnerability | CVE-2025-40538 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
| Type Confusion Remote Code Execution Vulnerability | CVE-2025-40539 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
| Type Confusion Remote Code Execution Vulnerability | CVE-2025-40540 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
| Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability | CVE-2025-40541 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
Technical Summary
These critical vulnerabilities affect SolarWinds Serv-U version 15.5 and arise from weaknesses such as improper access control checks, type confusion errors, and insecure object reference handling.
If exploited, they may allow an attacker to run arbitrary native code with root-level privileges on the affected server.
Successful exploitation requires administrative access. Once obtained, an attacker could create unauthorized administrator accounts, and execute malicious code, potentially resulting in complete system compromise and further movement across the network.
SolarWinds strongly advises upgrading to Serv-U version 15.5.4 to address these security risks.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-40538 | Serv-U 15.5 | Improper access control enabling admin creation and root-level code execution | Admin account creation, full system compromise |
| CVE-2025-40539 | Serv-U 15.5 | Type confusion enabling arbitrary native code execution as root | Arbitrary native code execution |
| CVE-2025-40540 | Serv-U 15.5 | Type confusion leading to root-level native code execution | Root-level execution |
| CVE-2025-40541 | Serv-U 15.5 | IDOR enabling unauthorized access and root-level code execution | Remote code execution as root |
Potential Consequences
- Full server takeover
- Privilege escalation
- Lateral movement within enterprise network
- Data exfiltration
- Malware or backdoor deployment
Remediation:
Upgrade immediately to Serv-U product with below mentioning fixed version-
- Serv-U 15.5.4
If immediate patching is not possible, apply the following temporary mitigations-
- Restrict Serv-U administrative access to trusted IP ranges.
- Enforce MFA for all Serv-U admin accounts.
- Ensure services run with least privilege.
- Conduct audit of newly created administrative accounts.
You can follow the recommendations below as a best practice-
- Enforce strict administrative access controls.
- Monitor logs for unauthorized privilege escalation.
- Implement network segmentation for file transfer servers.
- Apply regular patch management and vulnerability scanning.
Conclusion:
These four newly disclosed vulnerabilities in SolarWinds Serv-U represent critical remote code execution risks. Although exploitation has not been confirmed, Serv-U’s history of targeted attacks increases the urgency for patching.
Organizations should treat this as a priority patching event and immediately upgrade to Serv-U 15.5.4 to prevent potential root-level compromise.
References:
Critical Vulnerability in CISCO Catalyst SD-WAN Authentication Bypass 0-Day; Patch Now
Cisco SD-WAN Authentication Bypass Zero-Day
Continue Reading
CISA added FileZen CVE-2026-25108 to its KEV Catalog; Patch Now
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-25108 to its Known Exploited Vulnerabilities (KEV) catalog, that is being exploited in the wild.
Findings from CISA also confirmed about the flaw, that it affects Soliton Systems K.K. FileZen, a file transfer product. It has been included in KEV, sensing urgency for organizations still running vulnerable versions of the product.
“Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs-in to the affected product and sends a specially crafted HTTP request,” CISA said.
Key Findings from FileZen CVE-2026-25108 vulnerability added in CISA’s KEV list
The primary reason after evaluation by threat researcher’s were –
FileZen CVE-2026-25108 is an OS command injection vulnerability. According to NVD, when the FileZen Antivirus Check Option is enabled, a logged-in user can send a specially crafted HTTP request and execute arbitrary operating system commands. In such scenario an attacker with valid access could potentially run commands on the underlying server, creating serious risk to confidentiality, integrity, and availability.
- The vulnerability carries a CVSS v4 score of 8.7 (High) from JPCERT/CC, and NVD also lists a CVSS v3.1 score of 8.8 (High).
- Being a high-severity, actively exploited flaw tied to direct command execution and class of bug occurs when an application improperly handles input that ends up being interpreted by the operating system as a command.
- For attackers it becomes easy to manipulate server behavior and potentially execute arbitrary commands
Why CISA added FileZen CVE-2026-25108 to its KEV
- The vulnerability is not unauthenticated and any exploitation by attackers will requires a user to be logged in and it’s still not safe.
- What we witnessed in case of many real-world attacks always begins with stolen credentials or weak passwords or previously compromised accounts of less privileged.
- Any availability of any valid account could escalate the flaw like FileZen CVE-2026-25108 can pave way for an deeper compromise in future.
- This is exactly why CISA’s KEV addition matters so much. A KEV listing means the issue has moved beyond theoretical risk and into confirmed real-world exploitation.
Impact of the Vulnerability as assessed by vendor JVN (Japan Vulnerability Notes)
JVN states that if a user logs in to the affected product and sends a specially crafted HTTP request, an arbitrary OS command may be executed.
Soliton similarly says there is a possibility that a remote third party could execute arbitrary OS commands within FileZen.
The practical impact of that can be severe. Depending on server configuration and user privileges, successful exploitation could allow an attacker to:
- Run unauthorized commands on the server
- Manipulate files or processes
- Establish persistence
- Access sensitive transferred data
- Use the compromised FileZen environment as a pivot point into internal systems
Technical Analysis of CVE-2026-25108
OS command injection occurs when an application transmits unsafe data-such as cookies, form fields, or HTTP headers-to an operating system shell. In the case of FileZen, the vulnerability manifests during the file processing phase when the Antivirus Check Option is active. The system’s internal logic processes HTTP requests in a manner that allows an attacker to append shell commands to legitimate parameters.
Remediation & understanding why it is essential to integrate with threat intelligence monitoring platform
Organizations utilizing these versions must prioritize the transition to version 5.0.11 or later. When vendor platform Soliton indicated that simply disabling the Antivirus Check Option may reduce the immediate attack surface but does not replace the requirement for a full firmware update.
As per vendor’s suggestion a resetting of password for all users if an organization suspects a compromise. Integration with cyber threat intelligence platform will provide early warning indicators of exploitation as cyber threat intelligence platforms collect data from various sources to provide early warning indicators of exploitation.
CISA has set a deadline of March 17, 2026, for Federal Civilian Executive Branch (FCEB) agencies to remediate CVE-2026-25108. This mandate specifically applies to federal agencies, it serves as a stark reminder for private sector organizations. The inclusion in the KEV catalog implies that the vulnerability is being used in the wild, likely by state-sponsored actors or organized cybercriminal groups.
Sources; CVE-2026-25108 CISA Confirms Active Exploitation of FileZen
Cyber Breaches Disrupt Business Continuity; & Speak more about Balance Sheet
Cyber Breaches Disrupts Business Continuity Impacting the Balance sheet
Continue Reading
AI Lazed Attacks Targets 600+FortiGate Firewalls; Amazon; What Makes AI a Powerful tool for Hackers
AI Lazed Threat Actors Compromised 600 +Fortinet FortiGate firewalls in 55 countries
Continue Reading
Microsoft 365 Copilot Defect Exposes AI Summarizes of Confidential Emails
Microsoft 365 Copilot Vulnerability Bypasses DLP Policies, Summarizes Confidential Emails; Bug Tracked CW1226324
Summary :
A recently disclosed issue in Microsoft 365 Copilot caused the AI assistant to summarize confidential emails despite sensitivity labels and Data Loss Prevention (DLP) policies being configured.
The bug, tracked under CW1226324, allowed Copilot’s “Work Tab” chat feature to process and summarize emails from Sent Items and Draft folders, even when those emails carried confidentiality labels designed to restrict automated access.
Microsoft findings
Microsoft’s investigation revealed a code-level defect as the root cause. The flaw allows Copilot to inadvertently pick up items stored in users’ Sent Items and Draft folders, bypassing the confidentiality labels applied to those messages.
Although Microsoft categorized the issue as an advisory with potentially limited scope, the incident raises significant concerns regarding AI governance, trust boundaries, and enterprise data protection controls.
As per CSN the flaw allows Copilot to inadvertently pick up items stored in users’ Sent Items and Draft folders, ignoring the confidentiality labels applied to those messages.
Vulnerability Details
The issue happened because of an internal coding mistake in Microsoft 365 Copilot’s Work Tab chat feature. Due to this error, Copilot was able to access emails stored in Sent and Draft folders, even if they were marked as confidential.
In normal conditions, sensitivity labels and DLP policies should block automated tools from processing such emails.
However, because of this flaw, Copilot treated those protected emails as regular content and created summaries from them until Microsoft began deploying a fix in February 2026.
Attack Flow
| Step | Description |
| Configuration | Organization applies confidentiality labels and DLP policies to sensitive emails. |
| Storage | Emails are stored in Sent Items or Draft folders. |
| Trigger | User interacts with Copilot “Work Tab” Chat. |
| Processing | Due to the code bug, Copilot accesses labeled emails. |
| Exposure | Copilot generates summaries of confidential content, bypassing expected DLP enforcement. |
Source:0din
Why It’s Effective
- DLP Control Bypass: AI processing occurred despite policy enforcement.
- Trust Boundary Violation: Copilot acted as a privileged internal processor without honoring classification restrictions.
- Compliance Risk: Potential regulatory implications under GDPR, HIPAA, ISO 27001, and industry frameworks.
- AI Governance Gap: Demonstrates that AI systems must be independently validated against traditional security controls.
Broader Implications
This issue shows that AI tools inside business software can sometimes ignore security rules, even when protection like DLP and sensitivity labels are properly set. It proves that AI systems can create new risk areas that traditional security controls may not fully cover.
As more companies use AI assistants in daily work, security teams must regularly test and monitor how AI handles sensitive data. AI should be treated like a powerful internal system that needs strict oversight, not just a simple productivity feature.
Remediation:
Microsoft has initiated a fixed rollout and is monitoring deployment progress. However, organizations should take proactive measures:
- Validate that sensitivity labels are now properly enforced with Copilot.
- Audit Copilot usage logs and AI interaction history.
- Re-test DLP enforcement across Sent and Draft folders.
- Update AI governance documentation and risk registers.
- Conduct tabletop exercises covering AI-driven data exposure scenarios.
Conclusion:
This incident highlights that AI integrations can introduce unexpected security gaps, even in well-configured enterprise environments. Organizations cannot assume that existing security controls will automatically work the same way with AI-powered features.
As AI adoption increases, companies must strengthen AI governance, continuously validate security policies, and monitor AI behavior just like any other critical system. Proactive testing and oversight are essential to prevent future data exposure risks.
Bypassing DLP policies by AI aided assistants signals huge security gap which needs to be addressed at enterprise level as AI tool taking over enterprise security posture cannot be undermined.
References:
Threat Landscape Expands in Supply Chain Due to Ransomware Attacks
How Ransomware Supply Chain Attacks Works
Continue Reading
Chrome Security Updates by Google Released For Actively Exploited Zero-Day 2026
Chrome update released to patch a zero-day vulnerability that has been exploited in the wild.
Continue Reading
Microsoft Patch Tuesday Feb-2026, Critical Azure RCE & Windows EoP & 0-Days
Microsoft’s February 2026 Patch Tuesday
Continue Reading
Recent Comments