News

watchTowr Labs
labs.watchtowr.com > buy-a-help-desk-bundle-a-remote-access-solution-solarwinds-web-help-desk-pre-auth-rce-chain-s

Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain(s))

1+ hour, 29+ min ago  (1724+ words) Gain early access to our research, and understand your exposure - request a demo of the watchTowr Platform! It's been a while, but we're back - in time for story time. Gather round, strap in, and prepare for another depressing journey of…...

watchTowr Labs
labs.watchtowr.com > someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340

Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)

3+ week, 5+ day ago  (1255+ words) When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - actively exploited pre-auth Remote Command Execution vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM) solution - we sighed with relief. Clearly, the universe had decided to continue mocking Secure-By-Design signers right on schedule…...

watchTowr Labs
labs.watchtowr.com > attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass

Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)

1+ mon, 3+ day ago  (1017+ words) Well, well, well - look what we're back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV hall-of-famers. The…...