CVE-2025-26399

Published Sep 23, 2025

Last updated 2 months ago

Exploit known
CVSS critical 9.8
Zero-day
SolarWinds Web Help Desk
Server
Rdp
Supply chain
web application

Overview

Description
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Source
psirt@solarwinds.com
NVD status
Analyzed
Products
web_help_desk

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
Exploit added on
Mar 9, 2026
Exploit action due
Mar 12, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@solarwinds.com
CWE-502
nvd@nist.gov
CWE-502

Social media

Hype score
Not currently trending
  1. Hackers abusing QEMU 🚨 VMs used for stealth access, creds, exfiltration CVE-2025-26399, CitrixBleed2 in play 💬 Detectable or invisible? Follow @TechNadu #CyberSecurity #InfoSec https://t.co/aHk3IJeuDK

    @TechNadu

    21 Apr 2026

    134 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Hackers are exploiting QEMU VMs to create reverse SSH tunnels for deploying ransomware and RATs. Campaigns STAC4713 and STAC3725 leveraged SonicWall VPNs, SolarWinds CVE-2025-26399, and CitrixBleed2 CVE-2025-5777. #GoldEncounter #QEMUAbuse #USA https://t.co/cis34haini

    @TweetThreatNews

    21 Apr 2026

    255 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Payouts King ransomware deploys QEMU VMs running Alpine Linux to evade endpoint detection and establish covert SSH tunnels. Campaign exploits SonicWall VPNs and CVE-2025-26399, linked to GOLD ENCOUNTER group and former BlackBasta affiliates. #DFIR_Radar https://t.co/mJVnw0plQU

    @DFIR_Radar

    17 Apr 2026

    261 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  4. 🚨 CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk deserialization RCE—KEV Mar 2026, cmd exec on helpdesks. Supply chain redux! https://t.co/hf7QcrCLrM

    @TheRabbitPy

    24 Mar 2026

    136 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk deserialization RCE—added to CISA KEV Mar 2026. Active cmd exec on helpdesks! https://t.co/GdrZxOwIeI

    @TheRabbitPy

    23 Mar 2026

    96 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CISA KEV alert 26/03/09: SolarWinds Web Help Desk vulnerability CVE-2025-26399 added to the KEV catalog https://t.co/rdpOanLDV8 The root cause of the SolarWinds Web Help Desk vulnerability CVE-2025-26399 is the AjaxProxy

    @iototsecnews

    19 Mar 2026

    113 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🔥 CISA KEV: SolarWinds WHD RCE (CVE-2025-26399) SolarWinds Workflow Health Dashboard (WHD) Remote Code Execution vulnerability. This is a critical vulnerability in a widely used network management platform. Thread on what you need to know 👇

    @DeusLogica

    18 Mar 2026

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    5 Replies

    0 Quotes

  8. 🔥 CISA KEV: SolarWinds WHD RCE (CVE-2025-26399) SolarWinds Workflow Health Dashboard (WHD) Remote Code Execution vulnerability. This is a critical vulnerability in a widely used network management platform. Thread on what you need to know 👇

    @DeusLogica

    17 Mar 2026

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    5 Replies

    0 Quotes

  9. Handala Hack (Iranian APT) compromised Stryker medical tech causing global disruption while Signal faces targeted phishing campaigns against high-profile users. CVE-2025-26399 in SolarWinds Web Help Desk under active exploitation. #DFIR_Radar https://t.co/5BLnXfiYvD

    @DFIR_Radar

    17 Mar 2026

    116 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. 🔥 CISA KEV: SolarWinds WHD RCE (CVE-2025-26399) SolarWinds Workflow Health Dashboard (WHD) Remote Code Execution vulnerability. This is a critical vulnerability in a widely used network management platform. Thread on what you need to know 👇

    @DeusLogica

    16 Mar 2026

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    5 Replies

    0 Quotes

  11. 🛡️ CVE-2025-26399: Critical Deserialization Vulnerability in SolarWinds Web Help Desk Technical analysis of CVE-2025-26399 in SolarWinds Web Help Desk, a critical deserialization flaw that allows remote command execution. Impact, mitig https://t.co/ktpX9

    @CiberPlanetaOrg

    16 Mar 2026

    118 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🛡️ Security Alert: Deserialization of Untrusted Data Vulnerability in SolarWinds Web Help Desk (CVE-2025-26399) SolarWinds Web Help Desk has a critical deserialization of untrusted data vulnerability (CWE-502) in AjaxProxy, allowing execu

    @CiberPlanetaOrg

    16 Mar 2026

    118 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🛡️ Security Alert: Deserialization of Untrusted Data Vulnerability in SolarWinds Web Help Desk (CVE-2025-26399) SolarWinds Web Help Desk has a critical deserialization of untrusted data vulnerability in AjaxProxy, allowing remote execution

    @CiberPlanetaOrg

    16 Mar 2026

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🔥 CISA KEV: SolarWinds WHD RCE (CVE-2025-26399) SolarWinds Workflow Health Dashboard (WHD) Remote Code Execution vulnerability. This is a critical vulnerability in a widely used network management platform. Thread on what you need to know 👇

    @DeusLogica

    15 Mar 2026

    160 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    5 Replies

    0 Quotes

  15. Another CVE which is quite actively exploited: CVE-2025-26399: Critical (CVSS 9.8) unauthenticated RCE in SolarWinds Web Help Desk via AjaxProxy deserialization. This is the third iteration of the same vulnerability chain. confirmed active exploitation. https://t.co/tItKqoOypO

    @vulnsurge

    15 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Urgent Alert: CVE-2025-26399 Actively Exploited – Patch Imperative for SolarWinds Web Help Desk before March 12, 2026! https://t.co/RVPsriSmla

    @NicolasCoolman

    14 Mar 2026

    127 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🔴 CISA KEV OVERDUE: SolarWinds Web Help Desk deserialization (CVE-2025-26399) Due date was TODAY. If you're running SolarWinds Web Help Desk and haven't patched, you're exposed. Command execution via AjaxProxy. Post-SUNBURST, we should know better. Thread on impact and

    @DeusLogica

    13 Mar 2026

    347 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    5 Replies

    1 Quote

  18. Urgent: Critical vulnerability CVE-2025-26399 in SolarWinds Web Help Desk allows unauthenticated RCE. Apply patches immediately to secure your systems. https://t.co/UqJxNG1K9U #Vulnerability #Security #CVE #Patch #RCE #Threat #Exploit #Network #Protection #Firewall #Risk #Alert h

    @dailytechonx

    13 Mar 2026

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. ⚠️ CISA added 3 actively exploited flaws to KEV. Most critical: SolarWinds Web Help Desk CVE-2025-26399 (CVSS 9.8) allowing remote command execution. Other KEV entries hit Omnissa Workspace One UEM and Ivanti Endpoint Manager. Federal agencies ordered to patch. 🔗 Detail

    @YourAnonYan

    13 Mar 2026

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

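  20. A serious RCE vulnerability, CVE-2025-26399, has been found in SolarWinds Web Help Desk. It is already being exploited in real attacks, and CISA has added it to its Known Exploited Vulnerabilities catalog. Administrators are being urged to apply patches urgently.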

    @yousukezan

    12 Mar 2026

    1472 Impressions

    1 Retweet

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 Daily Threat Intel | Mar 12, 2026 🔴 Active: Mirai botnets, QakBot C2, CobaltStrike, Sliver C2 ⚠️ Patch NOW: CVE-2025-26399 (SolarWinds RCE - due today!) 🟠 High: LummaStealer, ACRStealer, Vidar, Ivanti EPM bypass #ThreatIntel #CyberSecurity #SOC https://t.co/d6ZU6hy

    @404LABSx

    12 Mar 2026

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

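  22. Most people treat OpenClaw as a "chatbot shell", and that understanding is already out of date. The real dividing line is whether it can automatically turn external risk signals into actions your team will carry out today. One very hard signal today: the CISA KEV catalog was updated to 2026.03.11, in total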

    @Sxsyer

    12 Mar 2026

    164 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog due to active exploitation: 1. CVE-2021-22054 (CVSS 7.5) - SSRF in Omnissa Workspace One UEM. 2. CVE-2025-26399 (CVSS 9. https://t.co/tHJNScYma6

    @securityRSS

    11 Mar 2026

    95 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Attackers exploited CVE-2025-26399 to achieve unauthenticated RCE in SolarWinds Web Help Desk's AjaxProxy component. This deserialization flaw enables privilege escalation and lateral movement across compromised networks. Runtime segmentation helps contain post-compromise

    @aviatrixtrc

    11 Mar 2026

    103 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🔎 Trending CVE CVE-2025-26399 affects SolarWinds Web Help Desk. An insecure deserialization in the AjaxProxy endpoint enables remote code execution without authentication. The vulnerability has been added to the CISA KEV catalog. Details: https://t.co/lCwh5JfsXl htt

    @VulnDex

    11 Mar 2026

    121 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CISA adds 3 x exploited vulns to KEV catalog. Info, incl. fix info, at SecAlerts: CVE-2025-26399: https://t.co/oLzBFWDokL CVE-2026-1603: https://t.co/5Duu3lhHy6 CVE-2021-22054: https://t.co/30hzGgqfQl #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #secalerts #CISA

    @SecAlertsCo

    11 Mar 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. CISA accelerates patch deadlines for critical vulnerabilities in SolarWinds Web Help Desk (CVE-2025-26399) and Ivanti (CVE-2026-1603) amid active exploitation and nation-state targeting. #SolarWinds #Ivanti #USA https://t.co/GTfky7muTF

    @TweetThreatNews

    11 Mar 2026

    187 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

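  28. Most companies treat "vulnerability remediation" as a technical problem; my judgment is the opposite: it is essentially a business problem. The most dangerous thing today is not whether you have vulnerabilities, but that you think "someone is handling it" while no one can produce evidence. Let me start with a fact you can act on today: CISA's KEV catalog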

    @Sxsyer

    11 Mar 2026

    146 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. TRC analysis shows attackers exploiting CVE-2025-26399 in SolarWinds Web Help Desk are achieving full compromise chains—from initial deserialization to lateral movement and ransomware deployment. Runtime segmentation could help contain post-compromise activity across network

    @aviatrixtrc

    11 Mar 2026

    102 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. PATCH NOW! CVE-2025-26399 SolarWinds Web Help Desk This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected systems. To learn more, please visit our website: https://t.co/TPYtvAUaFZ https://t.co/UduRkiboOc

    @NetSPI

    10 Mar 2026

    225 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  31. TRC analysis shows attackers exploiting CVE-2025-26399 to achieve remote code execution on SolarWinds Web Help Desk, then pivoting laterally across enterprise networks. Runtime segmentation can help limit blast radius once initial compromise occurs. #ZeroDay 🔗 Full breakdown:

    @aviatrixtrc

    10 Mar 2026

    103 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Ivanti Endpoint Manager flaw CVE-2025-26399 exploited. Patch immediately within CISA deadline. #CyberSecurity #InfoSec #Security

    @nin_tech_x

    10 Mar 2026

    105 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

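  33. Most enterprises treat "vulnerability remediation" as an IT task; my view is the opposite: it is essentially a life-or-death line for the business, not a technical to-do. Today I am watching a very specific countdown: CVE-2025-26399 for SolarWinds Web Help Desk in CISA KEV, whose official dueDate is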

    @Sxsyer

    10 Mar 2026

    160 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. CISA added CVE-2021-22054, CVE-2025-26399, and CVE-2026-1603 to its Known Exploited Vulnerabilities list due to active attacks. Issues affect SolarWinds Web Help Desk, Ivanti, and Workspace One with federal patch deadlines in 2026. #SolarWinds #Ivanti https://t.co/eX4J3pZZVE

    @TweetThreatNews

    10 Mar 2026

    180 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. CISA adds Ivanti Endpoint Manager, SolarWinds Web Help Desk, VMware Workspace ONE flaws (CVE-2025-26399, CVE-2026-1603, CVE-2021-22054) to KEV list amid active exploitation. Patch now. https://t.co/JBOxjkPaQF

    @threatcluster

    10 Mar 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

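  36. Most people are watching gold and oil prices, but over the next 30 days, what will really get more expensive first may be "secure delivery capability". This afternoon I looked through the public vulnerability catalogs and noticed a detail: the official remediation deadline for the SolarWinds Web Help Desk vulnerability (CVE-2025-26399) is March 12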

    @Sxsyer

    10 Mar 2026

    141 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🔍 Latest CVE breakdown available now! Discover why CVE-2025-26399 SolarWinds exploit is a critical threat driving active exploitation and how organizations can patch quickly to limit dama

    @PurpleOps_io

    10 Mar 2026

    105 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-26399 #SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability https://t.co/DvIian246S

    @ScyScan

    10 Mar 2026

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. ⚠️ CISA added 3 actively exploited flaws to KEV. Most critical: SolarWinds Web Help Desk CVE-2025-26399 (CVSS 9.8) allowing remote command execution. Other KEV entries hit Omnissa Workspace One UEM and Ivanti Endpoint Manager. Federal agencies ordered to patch. 🔗 Detail

    @TheHackersNews

    10 Mar 2026

    8895 Impressions

    21 Retweets

    78 Likes

    12 Bookmarks

    0 Replies

    3 Quotes

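  40. Three vulnerabilities have been added to the Known Exploited Vulnerabilities catalog of the US Cybersecurity and Infrastructure Security Agency (CISA): Omnissa Workspace ONE's CVE-2021-22054, SolarWinds Web Help Desk's CVE-2025-26399, and Ivanti Endpoint Manager (EPM)'s CVE-2026-160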

    @__kokumoto

    9 Mar 2026

    4254 Impressions

    1 Retweet

    4 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  41. CVE Alert: CVE-2025-26399 - SolarWinds - Web Help Desk - https://t.co/DXHNLSSmUM #OSINT #ThreatIntel #CyberSecurity #cve-2025-26399 #solarwinds #web-help-desk

    @RedPacketSec

    9 Mar 2026

    117 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 🛡️ We added Omnissa Workspace ONE UEM vulnerability CVE-2021-22054, SolarWinds Web Help Desk vulnerability CVE-2025-26399, & Ivanti Endpoint Manager vulnerability CVE-2026-1603 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSe

    @CISACyber

    9 Mar 2026

    4890 Impressions

    9 Retweets

    37 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  43. ⚠️ Vulnerability in SolarWinds products ❗ CVE-2025-26399 ➡️ More info: https://t.co/gWjwuUixb6 https://t.co/9Z108rO8XX

    @CERTpy

    10 Feb 2026

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Active exploitation of SolarWinds Web Help Desk (CVE-2025-26399, CVE-2025-40551): actors deployed Zoho ManageEngine RMM and Velociraptor via MSIs staged on Catbox and Supabase; affected versions prior to 12.8.7 HF1. #solarwinds #velociraptor #zoho https://t.co/BlZ01sATAW

    @hasamba

    10 Feb 2026

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Critical Solarwinds vulns are being actively exploited. Extensive info, incl. fix info, at SecAlerts: CVE-2025-40551 (CVSS 9.8) - https://t.co/naxlLilyde CVE-2025-26399 (CVSS 9.8) - https://t.co/oLzBFWDokL #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #solarwinds

    @SecAlertsCo

    10 Feb 2026

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. CVE-2025-26399 / CVE-2025-40551 / CVE-2025-40536 ⚠️ SolarWinds Web Help Desk – Actively Exploited RCE SolarWinds Web Help Desk (WHD) installations exposed to the internet are being actively exploited via unauthenticated remote code execution. Observed intrusions sho

    @modat_magnify

    9 Feb 2026

    144 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 🚨 SolarWinds Web Help Desk RCE Exploited to Drop Zoho Assist, Velociraptor, and Cloudflared Tunnels Attackers are actively exploiting SolarWinds Web Help Desk deserialization flaws (notably CVE-2025-40551 / CVE-2025-26399, plus related CVE-2025-40536) to gain unauthenticated

    @ThreatSynop

    9 Feb 2026

    74 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  48. New activity on our radar: Active Exploitation of SolarWinds Web Help Desk CVE-2025-26399. Worth keeping an eye on as this develops. Full analysis: https://t.co/b6vzaY7kNN #ThreatIntel #InfoSec #OTX #

    @TomarPrateek23

    9 Feb 2026

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Top 5 Trending CVEs: 1 - CVE-2025-43300 2 - CVE-2026-20952 3 - CVE-2026-25253 4 - CVE-2025-26399 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    9 Feb 2026

    134 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress https://t.co/5hEcniKB74 #CyberSecurity

    @EpicPlain

    9 Feb 2026

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations