SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
What Does Your Security Posture Talk About Your Security?
In March 2024, a major US-based healthcare provider fell victim to a ransomware attack that compromised the personal data of over 2 million patients. The entry point? An unpatched vulnerability in an outdated system that had been flagged months prior but never resolved.
CVE Research
Swiper, No Swiping! Mozilla Patches Two Firefox Zero Days
Mozilla released emergency Firefox patches to combat two critical zero days discovered during the hacking contest Pwn2own. CVE-2025-4918, credited to Edouard Bochin and Tao Yan from Palo Alto Networks, and CVE-2025-4919, credited to Manfred Paul, could potentially be exploited to access sensitive da...
CVE Research
FortiFlaw: Critical Stack-Based Buffer Overflow in Multiple Fortinet Products
A critical zero-day vulnerability, tracked as CVE-2025-32756 and assigned a CVSS score of 9.8, has been discovered in several Fortinet products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. This flaw allows remote, unauthenticated attackers to execute arbitrary code or ...
CVE Research
Microsoft Patches 72 Flaws, 5 Zero Days in May 2025 Patch Tuesday
Microsoft has released its May 2025 Patch Tuesday updates, addressing many vulnerabilities across its product lineup. This month’s release tackles 72 flaws, focusing on five zero-day vulnerabilities that are reportedly actively exploited in the wild. Additionally, two other vulnerabilities were publ...
CVE Research
Cisco Security Alert: Cisco IOS XE users Urged to Patch Critical Security Flaw
A critical security vulnerability, identified as CVE-2025-20188 and rated with a maximum CVSS score of 10.0, has been discovered in the Cisco IOS XE Wireless Controller. This flaw allows unauthenticated remote attackers to upload arbitrary files to affected systems.
CVE Research
Why Linux Reports More Vulnerabilities & What It Means
Are higher numbers of CVEs an indicator of the “cyber-safety” of a particular piece of software? Or does it mean something else? New vulnerability discoveries are some of the most important pointers security professionals must follow, as they are key indicators of a platform’s security posture.
CVE Research
Why Prevention-First Security Is the Only Solution to Ransomware
In 2025, ransomware escalated from a disruptive nuisance to a global economic crisis. Cybersecurity Ventures projects that ransomware damages will reach $57 billion this year, translating to $156 million per day or $109,000 per minute. Reactive cybersecurity tools fail to contain this scale of damag...
CVE Research
Error in lang: Erlang Users Urged to Patch Critical Security Flaw
A critical security flaw, tracked as CVE-2025-32433 and rated with a CVSS score of 10.0, has been found in the SSH implementation of the Erlang/Open Telecom Platform (OTP). This vulnerability could allow an unauthenticated attacker to run arbitrary code, but only under specific conditions.
CVE Research
378 Vulnerabilities Fixed in Oracle’s Latest Critical Patch Update
Oracle’s quarterly critical patch update made its entrance with a bang this April, fixing 378 vulnerabilities in both Oracle and third-party product families. Oracle Communications accounted for the highest number of flaws, totaling 103, with Oracle MySQL and Oracle Communications Applications trail...