SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Critical XWiki Vulnerability Abused in the Wild for Cryptocurrency Mining
A critical remote code execution (RCE) vulnerability (CVE-2025-24893) in XWiki, a widely used open-source wiki platform, is being actively exploited in the wild. This exploitation leads to the deployment of cryptocurrency mining malware on compromised servers. The vulnerability allows unauthenticate...

CVE Research
QNAP NetBak Exposed: Critical ASP.NET Core Bug Enables Security Bypass
A critical security vulnerability has been identified in QNAP’s NetBak PC Agent software, stemming from a flaw in Microsoft ASP.NET Core. Tracked as CVE-2025-55315, this vulnerability allows attackers to exploit HTTP Request Smuggling techniques, potentially bypassing essential security controls and...

CVE Research
Patch Now! Apache Tomcat Vulnerabilities Expose Servers to RCE Risk
The Apache Software Foundation recently addressed two security vulnerabilities affecting multiple versions of Apache Tomcat, a widely used open-source Java servlet container. These vulnerabilities, identified as CVE-2025-55752 and CVE-2025-55754, impact versions 9, 10, and 11 of Apache Tomcat and hi...

CVE Research
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
A zero-day vulnerability in Google Chrome, identified as CVE-2025-2783, was recently exploited in the wild to deliver the LeetAgent spyware. This spyware has been linked to the Italian vendor Memento Labs, previously known as Hacking Team. The vulnerability, a sandbox escape, allowed attackers to by...

CVE Research
Triple Threat: Dell Storage Manager Flaws Put Systems at Risk
On October 24, 2025, Dell Technologies addressed three critical vulnerabilities in its Storage Manager software. These vulnerabilities could allow an attacker to bypass authentication, expose sensitive data, and gain unauthorized system access.

CVE Research
Critical RCE Flaw Hits Motex LANSCOPE, CISA Issues Warning
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-61932, a critical security flaw in Motex LANSCOPE Endpoint Manager, to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. This vulnerability allows remote attackers to execute a...

CVE Research
Threat Analysis: Bitter APT Uses C# Implant “cayote.log” in Espionage Operations
A targeted phishing campaign is exploiting a security flaw, CVE-2025-8088, to attack government, military, and electric power sectors in China and Pakistan. The operation is attributed to the cyber-espionage group Bitter APT. Attackers use phishing emails containing malicious Microsoft Excel or RAR ...

CVE Research
Urgent: Critical SessionTakeover Flaw (CVE-2025-54236) in Adobe Commerce & Magento
A critical vulnerability, CVE-2025-54236, dubbed SessionReaper, is currently under active exploitation in Adobe Commerce and Magento Open-Source platforms. The flaw arises from improper input validation and can lead to customer account takeover and remote code execution. Security firm Sansec has rep...

CVE Research
BIND 9 Cache Poisoning Flaws Pose High Risk to DNS Reliability — CVE-2025-40778, CVE-2025-40780
On October 22, 2025, the Internet Systems Consortium (ISC) disclosed multiple vulnerabilities in BIND 9, the world’s most widely used DNS software. Among these, CVE-2025-40778 and CVE-2025-40780 present high-severity cache poisoning risks, while CVE-2025-8677 introduces a high-severity denial-of-ser...
