
SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

Joint Threat to Safari and Chrome Users – Patch CVE-2025-6558 Now

CVE Research


Apple has rolled out critical security updates across its platforms to address a high-severity vulnerability in the WebKit engine. This flaw, tracked as CVE-2025-6558, was exploited as a zero-day in Google Chrome and could potentially impact Safari and other Apple applications relying on WebKit. The...

Jul 30, 2025 • 3 min read

Auto-Color Backdoor Weaponizes SAP Flaw for Stealthy Access

CVE Research


A critical zero-day vulnerability in SAP NetWeaver, CVE-2025-31324, is being exploited to deliver “Auto-Color,” a stealthy Linux backdoor. The vulnerability allows for unauthenticated remote code execution (RCE), enabling attackers to achieve full system compromise. Multiple threat actors, including...

Jul 29, 2025 • 6 min read

Microsoft Uncovers Sploitlight: How a Spotlight Plugin Flaw Evades macOS TCC Protections

CVE Research


Microsoft Threat Intelligence recently disclosed a serious macOS vulnerability dubbed Sploitlight. Tracked as CVE-2025-31199, it leverages Spotlight importer plugins to bypass Apple’s Transparency, Consent, and Control (TCC) framework and exfiltrate files normally off-limits, including Apple Int...

Jul 28, 2025 • 4 min read

Privileged Path Hijack: Eye Security Exposes Root-Level Vulnerability in Copilot Enterprise

CVE Research


Summary: On April 18, 2025, Eye Security researchers identified a critical privilege escalation issue in Microsoft Copilot Enterprise’s live Python sandbox (Jupyter Notebook–based). A misconfigured entrypoint script (keepAliveJupyterSvc.sh) ran pgrep without using a full path. Because the $PATH Priori...

Jul 28, 2025 • 4 min read

Virtual Environments Under Fire: Fire Ant Campaign Breaches VMware Systems

CVE Research


A threat actor, codenamed Fire Ant, has targeted virtualization and networking infrastructure as part of a prolonged cyber-espionage campaign uncovered in 2025. The attackers focused on exploiting vulnerabilities and abusing trusted management tools to gain persistent, hypervisor-level access across...

Jul 27, 2025 • 4 min read

Patch Now: SonicWall Addresses Critical CVE-2025-40599 in SMA Appliances Amid Exploit Risk

CVE Research


SonicWall has released a patch for a critical vulnerability, CVE-2025-40599, affecting its Secure Mobile Access (SMA) 100 series appliances and is urging customers to apply the update as soon as possible. While there is no current evidence of active exploitation of this specific vulnerability in the...

Jul 24, 2025 • 5 min read

DDoS Attack – Everything You Need to Know

CVE Research


Imagine your business website grinding to a halt, not because of the usual suspects, a technical glitch or human error, but because thousands of hijacked devices are hammering it with traffic, second after second. Not a single request is legitimate, yet your servers are overwhelmed and your customers ...

Jul 24, 2025 • 6 min read

Hackers Weaponize SharePoint 0-Day: Widespread Exploitation Ongoing

CVE Research


A critical zero-day vulnerability chain, called “ToolShell,” is actively exploited in Microsoft SharePoint Server on-premises environments. This sophisticated attack vector leverages vulnerabilities to achieve unauthenticated remote code execution (RCE), bypass multi-factor authentication, and enabl...

Jul 24, 2025 • 8 min read

SonicWall Fixes Actively Exploited SMA 100 Vulnerability Used in Overstep Attacks

CVE Research


A critical zero-day flaw in SonicWall SMA 100 VPN appliances is being leveraged in the wild to distribute Overstep, a stealth malware capable of maintaining persistent access, stealing credentials, and executing lateral attacks. The vulnerability allows remote code execution without authentication, ...

Jul 24, 2025 • 4 min read