SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Linux CUPS: Remote DoS and Authentication Bypass Exploit
The discovery of CVE-2025-58364 and CVE-2025-58060 reveals two critical weaknesses in the Linux Common Unix Printing System (CUPS). Exploiting these vulnerabilities could enable remote denial-of-service and authentication bypass attacks, endangering millions of systems that rely on CUPS as a fundame...

CVE Research
CVE-2025-26633 “MSC EvilTwin”: The One-Click Windows Exploit That Can Lead to Data Theft, Downtime, and Ransom Demands
A new Windows weakness in Microsoft Management Console (MMC), tracked as CVE-2025-26633 and nicknamed “MSC EvilTwin,” is being used by an advanced threat group, Water Gamayun (also known as EncryptHub/LARVA-208), to bypass security checks and run malicious code.

CVE Research
Why Teams Miss Critical Risks – Anatomy of a Prioritization Failure
In cybersecurity, breaches don’t usually stem from a lack of tools. Most organizations already own an alphabet soup of platforms – EDR, CSPM, SIEM, IAM, vulnerability scanners, and more. They also don’t usually stem from a lack of alerts. In fact, the average SOC processes thousands of alerts per da...

CVE Research
WeepSteel Rises: Attackers Exploit Critical Sitecore Deserialization Bug
A critical zero-day vulnerability in Sitecore, tracked as CVE-2025-53690, has been exploited in the wild to deploy the WeepSteel backdoor. This flaw, an insecure deserialization issue, allows attackers to craft malicious ViewState payloads using default or sample ASP.NET machineKey values. Exploitat...

CVE Research
Critical SessionReaper Flaw in Adobe Commerce Puts Customer Accounts at Risk
A critical vulnerability, CVE-2025-54236, dubbed “SessionReaper,” has been identified in Adobe Commerce and Magento Open Source platforms, potentially allowing attackers to seize control of customer accounts. The severity of this flaw has prompted Adobe to release an emergency patch outside of its r...

CVE Research
Critical Chrome Security Update Patches Remote Code Execution Flaws
Google has released an urgent security update for the Chrome browser across Windows, Mac, and Linux platforms to address critical vulnerabilities that could enable remote attackers to execute arbitrary code. Chrome users are strongly encouraged to update their browsers immediately to safeguard again...

CVE Research
FortiDDoS Appliances Vulnerable to OS Command Injection, Urges Immediate Patching
Fortinet has recently addressed a medium-severity OS command injection vulnerability, CVE-2024-45325, in its FortiDDoS-F appliances. This flaw could allow a privileged attacker to execute unauthorized commands via the command-line interface (CLI). Given the critical role FortiDDoS-F appliances play ...


