SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Tunnel Trouble: 4.2 Million Hosts, VPNs, and Routers Vulnerable
“Attackers? Good luck getting past my VPN wall!”. Maybe it’s time to reconsider that. New research just uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks in your “private” network.
CVE Research
Vulnerability Management & Cybersecurity Trends to Look For in 2025
Phew. What a year 2024 was. High-profile attacks, rapid digital transformation, and the elephant in the room, AI, of course. These events have changed the cybersecurity world and will have longstanding ramifications! But what about cybersecurity trends in 2025?
CVE Research
Urgent: Patch Now! Critical Zero-Day CVE-2025-23006 Targets SonicWall SMA Appliances
CVE-2025-23006 is a critical zero-day vulnerability affecting SonicWall Secure Mobile Access (SMA) 1000 series appliances. This vulnerability, categorized as a deserialization of untrusted data flaws, resides within the Appliance Management Console (AMC) and Central Management Console (CMC). Exploit...
CVE Research
Oracle Releases Critical Security Updates January 2025 – Patch Now!
Oracle has released its Critical Patch Update (CPU) for January 2025, addressing 318 new security patches across various product families, including Oracle Database Server, Oracle MySQL, Oracle Communications, Oracle E-Business Suite, Oracle Fusion Middleware, and more. This update mitigates vulnera...
CVE Research
Critical Code Execution Vulnerability (CVE-2025-0411) Detected in 7-Zip
A critical security vulnerability identified as CVE-2025-0411 has been detected in 7-Zip, a widely used file archiver. With a CVSS score of 7.0, this vulnerability allows attackers to bypass the Windows “Mark-of-the-Web” (MotW) security feature. If exploited, it could lead to the execution of malici...
CVE Research
Reducing R&D Costs and Speeding Up Time-to-Market – How Integrating SecPod Can Help Businesses
When it comes to product development, Technology Vendors are under immense pressure to innovate rapidly, reduce costs, and maintain end-to-end security. This trifecta of challenges often strains resources, delays launches and impacts customer satisfaction. However, integrating SecPod’s advanced tech...
CVE Research
Critical Path Traversal Vulnerabilities (CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159) in Ivanti Endpoint Manager
Ivanti, an IT management solutions, has identified and addressed four critical vulnerabilities in its Endpoint Manager (EPM) software. These vulnerabilities, identified as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, have been assigned a CVSS score of 9.8, indicating their hig...
CVE Research
Cloud Security Best Practices That Every User Should Implement
The cloud has become a foundational element of modern business operations due to its far-reaching scalability, adaptability, and cost-effectiveness. However, as more companies adopt cloud computing, they should also implement cloud security best practices to avoid the increasing dangers of modern cy...
