Introducing Lab0xM,
MicroSec's Zero-Day Research Lab

Lab0xM is the dedicated zero-day research division of MicroSec, focused on discovering and responsibly disclosing zero-day vulnerabilities, IoT/OT security risks, and critical infrastructure threats.

Explore Our Research Vulnerability Disclosures

Core Research Areas

At Lab0xM, we are committed to securing tomorrow's infrastructure through advanced threat research in these following areas.

Vulnerability Research

Zero-day research, exploit development, and responsible disclosure

Threat Analysis

Advanced persistent threats, malware analysis, and attack methodologies

Featured Research

Read about all the discoveries and disclosures made by our research team at our blog .

IoT Security

MicroSec Identifies SpaceX Starlink Exposure (Customer Side Misconfiguration)

Satellite internet infrastructure, while revolutionary, underscores critical cybersecurity responsibilities. MicroSec Researchers recently identified and responsibly disclosed an unintended exposure involving a Starlink customer terminal.

This disclosure explores how misconfigured third-party equipment inadvertently exposed a limited set of internal gRPC commands, the potential implications, and necessary security best practices.

IoT Security

Disclosure of Critical Vulnerability in Ollama AI Model Server: Unauthenticated Remote API Access

MicroSec Researchers identified a potential critical vulnerability in the Ollama AI Model Server, an open-source platform designed for deploying large language models (LLMs) locally. Ollama servers exposed to the internet do not enforce authentication or access controls, allowing unauthenticated attackers to remotely interact with, modify, and control AI models.

Though originally intended for local deployment, widespread internet exposure has occurred, driven by innovative integrations within startups, smart home IoT systems, healthcare, and industrial IoT (IIoT/OT) environments.

Vulnerability Disclosures

Discover all the vulnerabilities in critical IoT, OT, ICS, medical, and embedded systems that were identified and responsibly disclosed by our Lab0xM team.

CVE ID	Description	Details
CVE-2025-0896	Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.	View CVE
CVE-2025-1863	Default authentication is disabled, allowing unauthenticated access to device settings and data.	View CVE
CVE-2025-1907	Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.	View CVE
CVE-2025-2567	An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential safety hazards in fuel storage and transportation.	View CVE
CVE-2025-5310	Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution.	View CVE

Research Team

Lead Security Researcher

Souvik Kandar

Souvik Kandar is a cybersecurity researcher and bug bounty hunter, known for uncovering critical zero-day vulnerabilities and publishing high-impact CVEs in IoT, OT, and ICS systems.

His work has earned global recognition, including acknowledgments from CISA and Idaho National Laboratory.

Introducing Lab0xM, MicroSec's Zero-Day Research Lab