Santosh Sethuraman, Author at SecPod Blog

Critical: Raspberry Robin Deploys CLFS Exploit to Escalate Privileges on Windows

Executive Summary The Raspberry Robin malware, a sophisticated and evolving threat, actively exploits a new vulnerability in Windows systems. First…

Comments Off

August 6, 2025

Security Research and Intelligence

Espionage in Plain Sight: Telecoms Breached by CL-STA-0969 Group

China-nexus espionage group, tracked as CL-STA-0969 and overlapping with "Liminal Panda," is actively targeting telecommunications organizations in Asia. This sophisticated…

Comments Off

August 4, 2025

Category(Default) - Do Not Use This

Act Fast: New RCE Threat to SharePoint Users (CVE-2025-53770)

A newly discovered zero-day vulnerability, CVE-2025-53770, is actively exploited in Microsoft SharePoint Servers, posing a significant threat to organizations using on-premises…

Comments Off

July 21, 2025

Category(Default) - Do Not Use This

Token Based SQLi in FortiWeb: Users Urged to Patch this Critical Flaw

A critical security vulnerability, CVE-2025-25257, has been discovered in FortiWeb web application firewalls, potentially allowing unauthenticated attackers to execute unauthorized…

Comments Off

July 14, 2025

Category(Default) - Do Not Use This

Buffer Busted: FortiOS Users Urged to Patch Buffer Overflow Vulnerability

Fortinet disclosed a critical security vulnerability in its FortiOS operating system, which is CVE-2025-24477. The flaw is classified as CWE-122,…

Comments Off

July 9, 2025

Category(Default) - Do Not Use This

NTLM Hijack: DNN Users Urged to Patch Critical Unicode Flaw

DotNetNuke (DNN), a widely used open-source content management system (CMS) built on the .NET framework, has a critical vulnerability. This…

Comments Off

July 9, 2025

Category(Default) - Do Not Use This

Cisco Warns of Hardcoded Root SSH Credentials in Unified CM

A critical security vulnerability has been discovered in Cisco Unified Communications Manager (Unified CM), presenting a serious threat to organizations…

Comments Off

July 4, 2025

Security Research and Intelligence

CitrixBleed2: Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543

Citrix has urgently released security updates to address a critical memory overflow vulnerability, CVE-2025-6543, affecting NetScaler ADC and NetScaler Gateway. With…

Comments Off

June 26, 2025

Category(Default) - Do Not Use This

ClamAV 1.4.3 and 1.0.9 Released: Addressing Critical RCE Vulnerability

The ClamAV team has released versions 1.4.3 and 1.0.9, critical security patches that address CVE-2025-20260 vulnerabilities that could compromise system…

Comments Off

June 20, 2025

Category(Default) - Do Not Use This

Apache Traffic Server Vulnerability: DoS Attacks via Memory Exhaustion

A newly identified vulnerability in Apache Traffic Server (ATS) allows attackers to initiate denial-of-service (DoS) attacks by exhausting server memory.…

Comments Off

June 20, 2025