SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Stealth Fix: Microsoft Patches Exploited LNK Security Hole
In a move that highlights the ongoing cat-and-mouse game between software vendors and threat actors, Microsoft has recently addressed a high-severity vulnerability in Windows LNK files. Tracked as CVE-2025-9491, this flaw has been actively exploited in the wild by a multitude of state-sponsored and ...

CVE Research
AISURU Botnet: Inside the 29.7 Tbps Mega-Scale DDoS Weapon
AISURU is one of the most powerful and rapidly expanding botnets observed in recent years. With an estimated 300,000 compromised routers, DVRs, gateways, and IoT devices, it has played a central role in the unprecedented surge of global DDoS attack peaks in 2025, reaching up to 29.7 Tbps. AISURU’s t...

CVE Research
ShadowPad’s Silent Invasion: Crafting Persistence Through WSUS Exploitation
The ShadowPad malware campaign represents an urgent and advanced cybersecurity threat, exploiting a critical vulnerability in Microsoft’s WSUS service to gain full system access. This highly modular backdoor is being actively leveraged by state-aligned threat actors to target key sectors globally, e...

CVE Research
One Key to Rule Them All: Apache Syncope Flaw Leaves Passwords Wide Open
A critical vulnerability, identified as CVE-2025-65998, has been discovered in Apache Syncope, a widely-used open-source identity management system, potentially exposing sensitive password information. This flaw highlights the risks associated with hard-coded encryption keys and the importance of pr...

CVE Research
Grafana Vulnerability Disclosure: SCIM Flaw Could Lead to Privilege Escalation
The discovery of CVE-2025-41115 exposes a critical security weakness in the Grafana Enterprise SCIM (System for Cross-domain Identity Management) component, enabling attackers to escalate privileges or impersonate existing users under specific configuration conditions. This flaw poses a significant ...

CVE Research
Critical Security Update: SolarWinds Remediates Multiple Serv-U Vulnerabilities
SolarWinds has issued an urgent security update for its Serv-U file transfer software, patching three critical remote code execution (RCE) vulnerabilities, each rated CVSS 9.1. These flaws could allow attackers with administrative access to execute arbitrary code and compromise vulnerable systems. T...

CVE Research
APT24’s BADAUDIO: A Deep Dive into China-Nexus Espionage Against Taiwan
A China-nexus threat actor has been conducting a sophisticated, multi-year espionage campaign using a custom malware downloader, compromising regional infrastructure and reaching over 1,000 global domains through strategic supply chain attacks. At the core of this operation is BADAUDIO, a highly obf...

CVE Research
7-Zip Users at Risk: Symbolic Link Vulnerability Triggers RCE Attacks
A security vulnerability in the widely used 7-Zip file archiver has recently come under active exploitation. The flaw, identified as CVE-2025-11001, poses a significant risk as it allows for remote code execution. This issue has prompted warnings from cybersecurity entities, including NHS England Di...