SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Critical Palo Alto Firewall Bug Allows Remote Reboot Through Packet Injection
A critical denial-of-service vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers to remotely reboot firewalls by sending specially crafted packets through the data plane. Security researchers warn that repeated exploitation can push affected devices into maintenance mode, eff...

CVE Research
Pre-Auth and Persistent: How a Sophisticated APT Targeted Cisco ISE and Citrix Gateways
Amazon’s security teams have made a critical discovery, revealing a sophisticated Advanced Persistent Threat (APT) campaign actively exploiting zero-day vulnerabilities in two widely deployed enterprise solutions: Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC/Gateway products. This fi...

CVE Research
RelayState Ruse: Exploiting Reflected XSS in Citrix NetScaler
In the realm of cybersecurity, it’s not uncommon to stumble upon vulnerabilities while dissecting a system during the pursuit of reproducing an N-day. Security researchers at watchTowr Labs recently encountered such a scenario while analyzing CitrixBleed2 (CVE-2025-5777), which affected Citrix NetSc...

CVE Research
SAP November Patch Roundup: Critical Flaws Demand Immediate Action
SAP has recently rolled out its November security updates, aiming to resolve a spectrum of vulnerabilities across its enterprise software suite. These updates address critical issues, emphasizing the need for organizations to promptly review and apply the necessary patches to safeguard their SAP env...

CVE Research
Active Campaign Against Triofox: How Attackers Bypassed Setup and Gained SYSTEM Execution
A cyber-espionage group, identified as UNC6485, is actively exploiting a critical vulnerability in Gladinet’s Triofox file-sharing platform. This campaign aims to gain initial network access, steal data, and establish long-term persistence. Attackers are bypassing authentication to create administra...

CVE Research
Critical NPM Package Vulnerability Puts AI and NLP Applications at Risk of Exploitation
The discovery of CVE-2025-12735 reveals a critical remote code execution (RCE) weakness in the popular JavaScript expression-evaluation library expr-eval. Exploitation allows an attacker who can supply crafted input to influence the parser’s evaluation context and execute arbitrary system-level comm...

CVE Research
Watch Your Cloud Hygiene Evolve: Trend Analysis in Saner Cloud CHS
Cloud environments are dynamic! New resources are spun up in seconds, configurations change constantly, and threats evolve even faster. In such a complex landscape, cloud security hygiene isn’t a one-time check, but a continuous journey. To help organizations track this journey, Saner Cloud introduce...

CVE Research
Burning Down the Firewall: Cisco ASA and FTD Under Active Exploitation
Cisco has issued a warning regarding a new wave of attacks targeting their Secure Firewall Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software. This new attack variant exploits vulnerabilities CVE-2025-20333 and CVE-2025-20362, potentially leading to denial-of-service (DoS) ...

