SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Google patches new Chrome zero-day flaw exploited in Wild
Google has released security fixes for the desktop Chrome app on Windows, Linux, and Mac. This consists of Ten vulnerabilities that include one Zero-day vulnerability with High severity. Google can fix the vulnerabilities by auto patching. This is the fifth Zero-day vulnerability fixed by Google thi...
CVE Research
Microsoft August 2022 Patch Tuesday Addresses 121 Security Flaws Including Two Zero-day Vulnerabilities!
Microsoft fixes 121 vulnerabilities up against 17 ‘critical’ and the rest ‘important’ in its August 2022 Patch Tuesday update. Compared to last month’s Patch Tuesday, critical vulnerabilities are increased by 325%. Therefore, the most critical vulnerabilities are remote code execution and the rest a...
CVE Research
Warning: Atlassian Critical Vulnerabilities Being Actively Exploited- Patch Now!
Atlassian released patches for three critical vulnerabilities (CVE-2022-26136, CVE-2022-26137, CVE-2022-26138). Out of the three flaws, two impacts Confluence Server, Confluence Data Center, and some other products, as well as Bamboo, BitBucket, Fisheye, and Jira, and one of the flaws impacts only C...
CVE Research
Windows CSRSS Elevation of Privilege Vulnerability Under Active Exploitation: CVE-2022-22047
Microsoft recently patched a high severity security vulnerability in its July 2022 Patch Tuesday. This security vulnerability is wildly exploited and is assigned with an identifier CVE-2022-22047 and has a CVSS score of 7.8. This flaw was discovered by Microsoft’s internal security teams using their...
CVE Research
Retbleed: Intel and AMD Processors Information Disclosure Vulnerability. Patch Now!
Researchers have discovered a new Speculative execution attack called Retbleed, which affects both Intel and AMD processors that can result in information disclosure vulnerability. CVE-2022-29900 (AMD) is the tracking identifier for AMD, while CVE-2022-29901 (Intel) is the tracking identifier for In...
CVE Research
Microsoft July 2022 Patch Tuesday Addresses 84 Security Vulnerabilities Including a Zero-day!
Microsoft fixes 84 vulnerabilities, including four critical, one zero-day, and 79 others as important in its July 2022 Patch Tuesday update. All four critical vulnerabilities are of remote code execution, and there are about 12. The rest include elevation of privileges (zero-day flaw), Information D...
CVE Research
OpenSSL Addressed High-Severity Remote Code Execution Vulnerability- Patch Now!
The OpenSSL has released patches to address OpenSSL high severity vulnerability CVE-2022-2274 and CVE-2022-2097, along with moderate severity ones, in the cryptographic library that could potentially lead to remote code execution in specific scenarios. This done using a vulnerability management tool...