SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
UAC-0099’s New Weapon: The WinRAR Exploit You Can’t Ignore
A critical vulnerability in WinRAR, identified as CVE-2023-38831, is being actively exploited by threat actors to execute arbitrary code on a victim’s machine. This flaw allows attackers to craft malicious ZIP archives that can deliver malware when a user attempts to view a seemingly benign file. Th...

CVE Research
Critical Trend Micro Apex One Bugs (CVE-2025-54948, CVE-2025-54987) Now Actively Exploited
Trend Micro has warned that attackers target critical unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) in its on-premise Apex One endpoint security product.

CVE Research
New Microsoft Exchange Server Vulnerability Allows Privilege Escalation to Admin
A significant security flaw, CVE-2025-53786, has been discovered in Microsoft Exchange Server hybrid environments. This flaw could enable attackers with on-premises administrative privileges to escalate their access within connected cloud systems. Publicly disclosed on August 6, 2025, the vulnerabil...

CVE Research
Critical: Raspberry Robin Deploys CLFS Exploit to Escalate Privileges on Windows
The Raspberry Robin malware, a sophisticated and evolving threat, actively exploits a new vulnerability in Windows systems. First identified in 2021, this malware, also known as Roshtyak, has moved beyond its initial distribution via infected USB drives. It now incorporates a critical privilege esca...

CVE Research
Hackers Beware: Dell Laptop Firmware Vulnerabilities Put Credentials at Risk
A firmware-level security nightmare is unfolding across millions of Dell laptops worldwide. The devices trusted by government agencies, cybersecurity professionals, and enterprise organizations to protect their most sensitive data are now vulnerable to a sophisticated attack vector that could render...

CVE Research
Squid Proxy Under Threat: Critical Bug Enables Remote Code Execution
A critical vulnerability has been discovered in the Squid Web Proxy server, which could allow remote attackers to execute arbitrary code on affected systems. This vulnerability affects multiple versions and may impact many systems relying on Squid for caching and proxy functionality.

CVE Research
Espionage in Plain Sight: Telecoms Breached by CL-STA-0969 Group
A China-nexus espionage group, tracked as CL-STA-0969 and overlapping with “Liminal Panda,” is actively targeting telecommunications organizations in Asia. This sophisticated campaign, observed between February and November 2024, leverages brute-force attacks for initial access, followed by the exploi...

CVE Research
What is Malware? Understanding the Threat Lurking Behind the Screen
In today’s hyper-connected digital world, cyber threats have grown in complexity, scale, and destructiveness. At the heart of many of these threats lies one potent tool: malware. Short for “malicious software,” malware refers to any software intentionally designed to cause damage to a computer, serv...

CVE Research
Automating Patch and Compliance Updates Safely with Test and Deploy for Automation
Rolling out patches and configuration fixes across hundreds or thousands of systems is a constant balancing act. IT and security teams need to act quickly to remediate vulnerabilities and enforce policies, but rushing an untested update can lead to unexpected outages or compliance drift. Traditional...
