dark
Hand-Picked Top-Read Stories
Trending Tags
2 minute read

SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

info@thehackernews.com (The Hacker News)
November 21, 2025
The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack. In a joint motion filed November 20, 2025, the SEC, along with SolarWinds and its CISO Timothy G. Brown, asked the court to voluntarily
Total
0
Shares
0
0
0

The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack.

In a joint motion filed November 20, 2025, the SEC, along with SolarWinds and its CISO Timothy G. Brown, asked the court to voluntarily dismiss the case.

The SEC said its decision to seek dismissal “does not necessarily reflect the Commission’s position on any other case.”

SolarWinds and Brown were accused by the SEC in October 2023 of “fraud and internal control failures” and that the company defrauded investors by overstating its cybersecurity practices and understating or failing to disclose known risks.

DFIR Retainer Services

The agency also said both SolarWinds and Brown ignored “repeated red flags” and failed to adequately protect its assets, ultimately leading to the supply chain compromise that came to light in late 2020. The attack was attributed to a Russian state-sponsored threat actor known as APT29.

“Brown was aware of SolarWinds’ cybersecurity risks and vulnerabilities but failed to resolve the issues or, at times, sufficiently raise them further within the company,” the SEC alleged at the time.

However, in July 2024, many of these allegations were thrown out by the U.S. District Court for the Southern District of New York (SDNY), stating “these do not plausibly plead actionable deficiencies in the company’s reporting of the cybersecurity hack” and that they “impermissibly rely on hindsight and speculation.”

Subsequently, the SEC also charged Avaya, Check Point, Mimecast, and Unisys for making “materially misleading disclosures” related to the large-scale cyber attack that stemmed from the SolarWinds hack.

In a statement, SolarWinds CEO Sudhakar Ramakrishna said the latest development marks the end of an era that challenged the company, and emphasized “we emerge stronger, more secure, and better prepared than ever for what lies ahead.”

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Share 0
Tweet 0
Share 0
Share 0
Share 0
Previous Post

Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity

November 21, 2025
Next Post

Why IT Admins Choose Samsung for Mobile Security

November 21, 2025
Related Posts
4 min

Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models. Two Chrome extensions posing as AI helpers were recently caught stealing ChatGPT and DeepSeek chat data from over 900,000 users. Separately, researchers
info@thehackernews.com (The Hacker News)
January 15, 2026
Read More
4 min

North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations

The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated
info@thehackernews.com (The Hacker News)
February 11, 2026
Read More
3 min

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. "Enterprise organizations that are clients of these payment providers are the most likely to be impacted," Silent Push said in a report published today.
info@thehackernews.com (The Hacker News)
January 13, 2026
Read More