SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Monitoring Events & Actions, Essential Elements, and Top Highlights
Event logs capture security-related events, including details such as the user or service that initiated an action, the resources affected by the activity, the timing of the action, and the actions taken along with their impact. These logs can be utilized to identify potential security breaches or u...

CVE Research
ImageMagick RCE Vulnerability: A Hacker’s Magic Wand
A high-severity security vulnerability, CVE-2025-57803, has been identified in ImageMagick, a widely used open-source image processing software. This flaw could allow remote attackers to execute arbitrary code on vulnerable systems. The vulnerability stems from a 32-bit integer overflow within the B...

CVE Research
FreePBX Rings Red: Zero-Day Lets Attackers Dial in as Root
FreePBX administrators are facing urgent calls to secure their systems against an actively exploited zero-day vulnerability in the commercial Endpoint Manager module. The Security Team has confirmed that this critical flaw, identified as CVE-2025-57819, allows attackers to execute code remotely on v...

CVE Research
Critical Chrome Update: Patch CVE-2025-9478 Before Attackers Strike
A critical security update has been released for the Chrome Stable channel to address a use-after-free vulnerability in the ANGLE graphics library. This flaw, identified as CVE-2025-9478, could allow attackers to execute arbitrary code on vulnerable systems.

CVE Research
Stealth in the Storm! Breaking Down Salt Typhoon’s Global Cyber Campaign
Salt Typhoon, a China-linked advanced persistent threat (APT) group, has been conducting a persistent cyber-espionage campaign since at least 2019. The group targets telecommunications providers, government agencies, transportation, lodging, and military infrastructure worldwide, exploiting vulnerab...

CVE Research
5 Signs You Have a Visibility Gap – And Why A Prevention-First Philosophy Is The Only Remedy
Today's cybersecurity industry has mature tools for discovery and detection – what it has not institutionalized at scale is closure. Modern security programs can show long lists of vulnerabilities, misconfigurations, policy violations and alerts – and still be vulnerable. Attackers succeed not...

CVE Research
Security Advisory: Citrix Addresses Three NetScaler Vulnerabilities Including Actively Exploited CVE-2025-7775
On August 26, 2025, Citrix released a security bulletin addressing three newly disclosed vulnerabilities in NetScaler ADC and NetScaler Gateway appliances. One of these, CVE-2025-7775, has already been confirmed as actively exploited in the wild as a zero-day vulnerability.

CVE Research
Gayfemboy Malware Emerges: Next-Gen Mirai Variant Targets Cisco and TP-Link Routers
FortiGuard Labs has uncovered a new malware strain dubbed Gayfemboy, a Mirai successor that aggressively targets routers and critical networking gear from Cisco, TP-Link, DrayTek, and Raisecom. The campaign exploits multiple CVEs to compromise infrastructure devices, establish long-term persistence,...

CVE Research
PolarEdge, Gayfemboy, and EAGLEDOOR: Botnets and APTs Exploit GeoServer Vulnerability
Cybercriminals and advanced persistent threat (APT) actors are increasingly converging on a stealth-first, profit-driven, and persistence-focused model of operations. Recent discoveries highlight how both financially motivated threat groups and nation-state-backed APTs are exploiting known vulnerabi...
