SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
A Flip in the FortiSwitch: FortiSwitch Users Urged to Patch Critical Security Flaw
CVE-2024-48887 is a critical vulnerability affecting the Fortinet FortiSwitch web interface, with a CVSS score of 9.8. It stems from improper access control, allowing remote attackers to change administrator passwords without authentication, potentially leading to full system compromise.

CVE Research
CrushFTP Security Alert: Actively Exploited Authentication Bypass Vulnerability! Patch Now!
CrushFTP users, beware! A severe authentication bypass vulnerability is being actively exploited, endangering sensitive data and entire systems. This security flaw grants unauthorized access to CrushFTP servers, requiring urgent attention and immediate action. If you depend on CrushFTP for file transfers, recogniz...

CVE Research
Eliminating Healthcare’s Cloud Security Gaps with Saner Cloud
Healthcare organizations rely on cloud environments to store and manage patient data, but security challenges and compliance requirements make protection a top priority. Misconfigurations, unpatched vulnerabilities, and excessive user permissions create serious risks — threats that attackers exploit...

CVE Research
Hook, Line, and Sinker: Chrome Patches Zero-Day Used in Phishing Attacks
In mid-March 2025, a deluge of personalized phishing emails took Russia by storm. When analyzed, the underlying vulnerability had researchers swimming in uncharted waters; they had found a new Chrome zero-day!

CVE Research
Ingress NGINX Remote Code Execution Vulnerabilities Discovered – Patch Now!
Critical security vulnerabilities have been discovered in the Ingress-NGINX Controller for Kubernetes. CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974—collectively known as ‘IngressNightmare’—allow attackers to gain unauthorized access to secrets across all namespaces. This results i...

CVE Research
Next Blunder: Next.js Users Urged to Patch Critical Security Flaw
A severe vulnerability tracked as CVE-2025-29927, with a CVSS score of 9.1, has been identified in the Next.js React framework. If exploited, it could result in an authentication bypass under specific conditions.

CVE Research
Implementing Zero Trust Security in Healthcare Cloud Environments
Think about the sheer volume of data exchanged in a hospital every second — from electronic health records to real-time updates from connected medical devices. Now imagine trying to manage who gets access to what, where, and when, without leaving gaps for hackers to exploit. It’s a delicate balance,...

CVE Research
Git Wrecked: GitLab Users Urged to Patch Critical Security Flaws
GitLab has released patches to address nine vulnerabilities affecting various installations of the Community Edition (CE) and Enterprise Edition (EE). Two of these have been classified as critical and are tracked as CVE-2025-25291 and CVE-2025-25292, each with a CVSS score of 8.8. These vulnerabilit...

