SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Why Prevention-First Security Is the Only Solution to Ransomware
In 2025, ransomware escalated from a disruptive nuisance to a global economic crisis. Cybersecurity Ventures projects that ransomware damages will reach $57 billion this year, translating to $156 million per day or $109,000 per minute. Reactive cybersecurity tools fail to contain this scale of damag...
CVE Research
Error in lang: Erlang Users Urged to Patch Critical Security Flaw
A critical security flaw, tracked as CVE-2025-32433 and rated with a CVSS score of 10.0, has been found in the SSH implementation of the Erlang/Open Telecom Platform (OTP). This vulnerability could allow an unauthenticated attacker to run arbitrary code, but only under specific conditions.
CVE Research
378 Vulnerabilities Fixed in Oracle’s Latest Critical Patch Update
Oracle’s quarterly critical patch update made its entrance with a bang this April, fixing 378 vulnerabilities in both Oracle and third-party product families. Oracle Communications accounted for the highest number of flaws, totaling 103, with Oracle MySQL and Oracle Communications Applications trail...
CVE Research
A Flip in the FortiSwitch: FortiSwitch Users Urged to Patch Critical Security Flaw
CVE-2024-48887 is a critical vulnerability affecting the Fortinet FortiSwitch web interface, with a CVSS score of 9.8. It stems from improper access control, allowing remote attackers to change administrator passwords without authentication, potentially leading to full system compromise.
CVE Research
CrushFTP Security Alert: Actively Exploited Authentication Bypass Vulnerability! Patch Now!
CrushFTP users beware!! A severe authentication bypass vulnerability is exploited, endangering sensitive data and entire systems. This security flaw grants unauthorized access to CrushFTP servers, requiring urgent attention and immediate action. If you depend on CrushFTP for file transfers, recogniz...
CVE Research
Eliminating Healthcare’s Cloud Security Gaps with Saner Cloud
Healthcare organizations rely on cloud environments to store and manage patient data, but security challenges and compliance requirements make protection a top priority. Misconfigurations, unpatched vulnerabilities, and excessive user permissions create serious risks — threats that attackers exploit...
CVE Research
Hook, Line, and Sinker: Chrome Patches Zero-Day Used in Phishing Attacks
In mid-March 2025, a deluge of personalized phishing emails took Russia by storm. When analyzed, the underlying vulnerability had researchers swimming in uncharted waters; they had found a new Chrome zero-day!
CVE Research
Ingress NGINX Remote Code Execution Vulnerabilities Discovered – Patch Now!
Critical security vulnerabilities have been discovered in the Ingress-NGINX Controller for Kubernetes. CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974—collectively known as ‘IngressNightmare’—allow attackers to gain unauthorized access to secrets across all namespaces. This results i...