SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Mirai Turns Unsupported D-Link Routers into DDoS Weapons Using CVE-2025-29635
Researchers have uncovered an active Mirai botnet campaign exploiting CVE-2025-29635, a command-injection vulnerability in legacy D-Link DIR-823X routers, to recruit internet-exposed devices into a distributed denial-of-service (DDoS) botnet. Attackers deploy a Mirai malware variant known as “tuxnok...

CVE Research
Inside Nexcorium: How CVE-2024-3721 Fuels a New Wave of Mirai-Based DDoS Botnets
Researchers have uncovered an active IoT botnet campaign exploiting two known command-injection vulnerabilities to recruit surveillance cameras and home routers into a distributed denial-of-service (DDoS) army. Dubbed Nexcorium, this new Mirai variant uses CVE-2024-3721, an OS command-injection flaw...

CVE Research
Storm-1175 and Medusa Ransomware: Anatomy of a Rapid Multi-Exploit Intrusion
Threat actors are moving faster than ever in ransomware operations, shrinking the time between initial compromise and ransomware deployment to maximize impact before defenders can respond. Instead of relying on prolonged persistence, modern ransomware groups are rapidly exploiting newly...

CVE Research
Two Zero-Days, 167 Flaws Fixed: Microsoft Delivers a Major April 2026 Patch Tuesday
The second Tuesday of April 2026 marked another extensive security update release from Microsoft, addressing a broad range of vulnerabilities across its product ecosystem. This month’s Patch Tuesday resolved a notably high number of security flaws spanning Windows, Microsoft Office, Azure, Edge, SQL...

CVE Research
Forged Trust: Improper Certificate Validation in wolfSSL
CVE-2026-5194 is a critical vulnerability affecting the wolfSSL cryptographic library, a widely used TLS/SSL implementation deployed across embedded systems, IoT devices, networking equipment, and applications.

CVE Research
Deep Dive into CVE-2026-34621: Actively Exploited Flaw in Adobe Acrobat Reader
Adobe has released emergency security updates to address a critical vulnerability in Adobe Acrobat Reader, tracked as CVE-2026-34621. This flaw, with a CVSS score of 8.6, is actively exploited in the wild and allows attackers to execute arbitrary code on affected systems via specially crafted PDF fi...

CVE Research
APT28 in 2026: Weaponizing Routers and Deploying PRISMEX Across Global Targets
The Russian state-linked threat actor APT28 (also known as Forest Blizzard and Pawn Storm) has intensified its cyber operations through two major campaigns: a large-scale DNS hijacking operation targeting SOHO routers and a spear-phishing campaign deploying the PRISMEX malware suite.

CVE Research
Analyzing the TrueConf Zero-Day Exploit in Southeast Asian Cyber Attacks
Cybercriminals are increasingly exploiting trusted enterprise collaboration platforms through supply-chain-style attacks, with a newly discovered zero-day vulnerability in the TrueConf video conferencing client actively weaponized in targeted campaigns against Southeast Asian government entities. Tr...

CVE Research
Critical Infrastructure Alert: Patch Cisco IMC and SSM On-Prem Now!
A pair of critical vulnerabilities, CVE-2026-20093 and CVE-2026-20160, affect Cisco server and license-management technologies. These flaws allow attackers to bypass authentication or execute commands at the highest privilege level. Both flaws have been assigned a CVSS score of 9.8. Exploitation could re...
