SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

Patch Now: CVE-2021-43226 Windows Vulnerability Actively Exploited

CVE Research

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a privilege escalation vulnerability in Microsoft Windows, identified as CVE-2021-43226. This vulnerability resides within the Common Log File System (CLFS) driver and is being lever...

Oct 08, 2025 • 3 min read

Under Medusa’s Gaze: GoAnywhere Zero-Day Powers Ransomware Attacks

CVE Research

A critical deserialization vulnerability in Fortra GoAnywhere MFT (CVE-2025-10035, with a CVSS score of 10.0) has been actively exploited by a Medusa ransomware affiliate tracked as Storm-1175 to gain unauthenticated remote code execution against internet-exposed Admin Consoles. Operators exploited...

Oct 07, 2025 • 8 min read

CVE-2025-61882: Why Clop’s Latest Oracle EBS Strike Should Scare You

CVE Research

Oracle E-Business Suite (EBS), a comprehensive suite of enterprise resource planning (ERP) applications, is integral to managing core business operations for numerous organizations worldwide. It handles critical functions across finance, HR, and supply chain management.

Oct 07, 2025 • 4 min read

Zimbra Zero-Day Exploitation Vector: Malicious ICS Files Targeting Brazil’s Military

CVE Research

The discovery and exploitation of CVE-2025-27915, a stored cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS), underscores the persistent threat posed by input sanitization flaws in widely used enterprise software. This now-patched zero-day vulnerability was actively exploi...

Oct 06, 2025 • 4 min read

China-Linked APT Exploits VMware Zero-Day Vulnerability Active Since October 2024

CVE Research

A newly discovered and actively exploited local privilege escalation vulnerability in VMware Tools and Aria Operations, tracked as CVE-2025-41244, has been leveraged as a zero-day since mid-October 2024. The exploitation has been attributed to UNC5174, a China-linked advanced persistent threat (APT)...

Oct 06, 2025 • 4 min read

Technical Breakdown: How the ArcaneDoor Group Leverages Multiple Cisco Zero-Days for Stealthy Infiltration

CVE Research

A sophisticated, state-sponsored threat actor tracked as ArcaneDoor is actively exploiting two new zero-day vulnerabilities in Cisco firewalls. The campaign deploys a dangerous malware cocktail to conduct espionage against government networks.

Sep 28, 2025 • 4 min read

CISA Issues Emergency Directive as Cisco ASA Zero-Day Exploited in the Wild

CVE Research

Cisco has issued an urgent security advisory, urging customers to patch two critical zero-day vulnerabilities affecting the VPN web server components of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. These flaws are actively ...

Sep 25, 2025 • 3 min read

Versa Director Zero-Day Under Siege: Volt Typhoon and Bronze Silhouette Campaign

CVE Research

Cybercriminal groups and nation-aligned advanced persistent threats (APTs) are increasingly converging on stealth-first, persistence-focused, and monetization-driven operations. Recent reporting shows both financially motivated actors and suspected state-aligned groups actively exploiting a critical...

Sep 25, 2025 • 4 min read

Inside UNC5221’s BRICKSTORM: Unmasking a Stealthy Espionage Backdoor

CVE Research

Since at least early 2025, a suspected China-nexus cluster, tracked as UNC5221, has deployed the BRICKSTORM backdoor using the vulnerabilities CVE-2023-46805 and CVE-2024-21887 to establish long-term, stealthy access to high-value targets, notably legal services, SaaS providers, BPOs, and technology...

Sep 25, 2025 • 4 min read