SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Analyzing the TrueConf Zero-Day Exploit in Southeast Asian Cyber Attacks
Cybercriminals are increasingly exploiting trusted enterprise collaboration platforms through supply-chain style attacks, with a newly discovered zero-day vulnerability in the TrueConf video conferencing client actively weaponized in targeted campaigns against Southeast Asian government entities. Tr...

CVE Research
Critical Infrastructure Alert: Patch Cisco IMC and SSM On-Prem Now!
A pair of critical vulnerabilities, CVE-2026-20093 and CVE-2026-20160, affects Cisco server and license-management technologies. These flaws allow attackers to bypass authentication or execute commands at the highest privilege level. Both flaws have been assigned a CVSS score of 9.8. Exploitation could re...

CVE Research
UNC1069 and the Axios npm Attack: Google Reveals North Korean Attribution
Cybercriminal and nation-state threat actors are increasingly shifting toward developer-ecosystem compromise and software supply chain abuse as a reliable avenue for mass access. Rather than exploiting hardened enterprise perimeters directly, these actors target trusted package repositories, build p...

CVE Research
Critical Security Vulnerability in Google Chrome: Technical Analysis and Mitigation
The discovery of CVE-2026-5281, a critical vulnerability, highlights a serious weakness in modern web browsers that can be leveraged by attackers to execute malicious code under specific conditions, posing a significant risk to users across different platforms. The issue originates from improper...

CVE Research
FortiClient EMS Under Fire: Critical CVE-2026-21643 Exploited in Real-World Attacks
A critical SQL injection vulnerability, CVE-2026-21643, has been identified in FortiClient Endpoint Management Server (EMS), a centralized management platform for FortiClient endpoint agents across multiple environments.

CVE Research
Node.js Security Bulletin: CVE-2026-21637 and Other Fixes Explained
The Node.js project has recently released a series of security updates to address multiple vulnerabilities across its active release lines. These updates span versions 20.x, 22.x, 24.x, and 25.x, and include fixes for issues ranging from high to low severity. Among the most critical is CVE-2026-2163...

CVE Research
Zero-Click AI Exploit: ShadowPrompt in Claude Chrome Extension
A significant vulnerability has been discovered in Anthropic’s Claude Google Chrome Extension, potentially allowing malicious actors to inject prompts into the AI assistant without any user interaction. This “zero-click” vulnerability, dubbed ShadowPrompt, could have allowed attackers to silently co...

CVE Research
Immediate Action Required: Critical NetScaler Vulnerability Exposes Sensitive Memory Data
Citrix has released a security advisory addressing two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical vulnerability tracked as CVE-2026-3055 (CVSS score: 9.3) and a high-severity vulnerability tracked as CVE-2026-4368 (CVSS score: 7.7).

CVE Research
CVE-2026-33017: Critical Langflow Vulnerability Exploited Within 20 Hours of Disclosure
The discovery of CVE-2026-33017 reveals a critical remote code execution vulnerability in Langflow that is being actively exploited in the wild within 20 hours of public disclosure. Successful exploitation could allow unauthenticated attackers to execute arbitrary code on affected servers, potential...
