Earlier this week, we learned that SolarWinds, the largest provider of network management tools for large enterprise organizations fell victim to a supply chain attack. This attack affected their Orion network management system. Reportedly, 18,000 enterprise and government customers downloaded and installed malware that was digitally signed by a valid certificate as part of an update from SolarWinds’ own servers. Microsoft took control of one of the primary command-and-control domains. We also talk about a vulnerability in the PageLayer plugin and a wormable zero-click XSS bug found in the Jabber client.