SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Silent Rendering, Stolen Secrets: APT28’s MSHTML Espionage Campaign
A Russia-linked advanced persistent threat group, APT28 (also known as Fancy Bear and Forest Blizzard), has been observed exploiting a previously unknown Microsoft Windows vulnerability, CVE-2026-21513, in targeted cyber-espionage campaigns. The zero-day flaw resides in Microsoft’s MSHTML browser en...

CVE Research
Ongoing Web Shell Attacks Hit 900+ FreePBX Systems: INJ3CTOR3 Behind EncystPHP Deployment
Cybercriminals continue to exploit misconfigurations and unpatched VoIP infrastructure, with over 900 Sangoma FreePBX systems confirmed compromised following widespread deployment of EncystPHP, a malicious PHP-based web shell. These intrusions have been attributed to threat activity leveraging a pos...

CVE Research
Serv-U Vulnerabilities Expose Systems to Root Compromise
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. These vulnerabilities affect SolarWinds Serv-U version 15.5 and have been addressed in version 15.5.4.

CVE Research
Zero-Day Unleashed: How Hackers Are Creeping Into Cisco SD-WAN Networks
A critical zero-day vulnerability in Cisco Catalyst SD-WAN Manager, tracked as CVE-2026-20127, has been actively exploited by the group UAT-8616 to maintain covert access to enterprise edge infrastructure. The vulnerability stems from an improper authorization flaw in the management application’s RE...

CVE Research
Security Advisory: VMware Aria Operations Vulnerabilities May Lead to Remote Compromise
Broadcom has released security updates to address multiple vulnerabilities in VMware Aria Operations, an IT operations management platform that monitors and optimizes virtual, cloud, and hybrid environments. The solution provides performance monitoring, capacity planning, automated alerting, and cos...

CVE Research
Inbox at Risk: Critical Roundcube Webmail Flaws Actively Exploited
Roundcube Webmail, a widely used web-based email client, is facing increased scrutiny as threat actors actively exploit several vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has recently flagged two Roundcube Webmail vulnerabilities, CVE-2025-49113 and CVE-2025-68461, ...

CVE Research
Weaponizing CVE-2026-1731: VShell and SparkRAT in Real-World BeyondTrust Breaches
On February 6, 2026, BeyondTrust disclosed a critical pre-authentication remote code execution vulnerability, CVE-2026-1731, affecting its Remote Support and Privileged Remote Access products. The flaw, assigned a CVSS v4 score of 9.9, enables unauthenticated attackers to execute arbitrary operating...

CVE Research
Supply Chain Risk: Critical Flaws Identified in Popular VS Code Extensions
In the modern software development ecosystem, Integrated Development Environments (IDEs) such as Microsoft Visual Studio Code have become foundational to daily engineering workflows. To extend functionality and streamline development tasks, teams frequently rely on third-party extensions from the ma...

CVE Research
Backdoor in Backup: UNC6201 Exploits RecoverPoint Zero-Day to Deploy GRIMBOLT
A critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769, has been actively exploited by the China-nexus threat cluster UNC6201 to deploy persistent backdoors and maintain covert access to enterprise infrastructure. The vulnerability stems from hard-code...
