SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Security Alert: Critical Apache Struts Vulnerability Under Active Exploitation
Apache has revealed a critical vulnerability in Apache Struts, a widely utilized Java-based web application framework. The vulnerability tracked as CVE-2024-53677 has a CVSS Score of 9.5 out of 10, indicating critical severity.Struts is a key component in many enterprise environments, valued for its...
CVE Research
Apple Security Updates in December 2024
The Apple Security Update December 2024 addresses flaws in Safari, macOS Sonoma, macOS Ventura, and macOS Sequoia. These flaws might allow attackers to execute arbitrary code, access sensitive data, or gain elevated privileges. The updates address issues in components like AppleMobileFileIntegrity, ...
CVE Research
Story of Cyberattack: Petya
The Petya cyberattack, also known as NotPetya, was one of the most devastating cyberattacks in recent history. First discovered in June 2017, it caused widespread damage across the globe, affecting major enterprises and governments. Initially believed to be a ransomware attack, it was later determin...
CVE Research
CVE-2014-2120: Ten-year-old Cisco ASA Flaw Exploited In The Wild
First discovered in 2014 by researcher Jonathan Claudius, CVE-2014-2120 is a vulnerability caused by insufficient input validation in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. This flaw could allow an unauthenticated remote attacker to execute an XSS attack against a...
CVE Research
When CVE Met CVE: RomCom Hackers Exploit Firefox and Windows Zero-Days
The Russian cybercrime group RomCom has been linked to a series of cyberattacks launched across the world. The notorious hackers are chaining two Firefox and Windows flaws to deliver a backdoor and compromise vulnerable systems.
CVE Research
The Hidden Risks of Third-Party Resources and How to Avoid Them
Businesses today increasingly depend on a wide variety of third-party resources to meet their cloud computing requirements, which range from customer service and analytics to data security and storage. Although this interconnected ecosystem drives operational efficiency and workforce productivity, i...
CVE Research
Mastering IT Patch Management: Your Shield Against Cyber Threats
IT Patch Management isn’t the most glamorous topic in the tech world, but it’s a silent hero shielding system from attacks, plugging vulnerabilities, and keeping software in peak condition. In a world where cyber threats grow by the second, staying patched and protected can make all the difference b...