The Exploit Post

Sign in Subscribe

Red Dog Security

Critical Vulnerability in Cisco UCCX Allows Root Command Execution

Critical Vulnerability in Cisco UCCX Allows Root Command Execution

Cisco developers have patched a critical vulnerability in Unified Contact Center Express (UCCX) that allowed attackers to obtain root privileges and gain full control over the system. This is the kind of vulnerability that keeps security teams awake at night—unauthenticated remote code execution with root access on systems that

An AI-Written Encryptor Infiltrated the VS Code Extension Catalog

An AI-Written Encryptor Infiltrated the VS Code Extension Catalog

Researchers from Secure Annex have discovered a malicious extension in the Visual Studio Code Marketplace that possesses basic ransomware functionality. What makes this case particularly noteworthy is that the malware appears to be written using AI-assisted coding, and its malicious functionality is stated directly in the description as if the

The Cavalry Werewolf Group is Attacking Russian Government Institutions

The Cavalry Werewolf Group is Attacking Russian Government Institutions

In July 2025, Doctor Web specialists investigated an incident at a Russian Federation state institution where unwanted emails were being sent from a corporate mailbox. What started as a seemingly simple email compromise investigation revealed something far more serious: a targeted attack by the hacker group Cavalry Werewolf, aimed at

US Cybersecurity Experts Accused of Using BlackCat Ransomware

US Cybersecurity Experts Accused of Using BlackCat Ransomware

Three former employees of cybersecurity firms—companies whose job was to protect against ransomware attacks—now stand accused of conducting those very attacks themselves. According to the US Department of Justice, they participated in BlackCat (ALPHV) ransomware operations and extorted millions of dollars from victims. This represents one of the

Google Warns About the Emergence of New AI-Based Malware Families

Google Warns About the Emergence of New AI-Based Malware Families

Researchers from the Google Threat Intelligence Group (GTIG) have issued a warning that hackers are now integrating AI directly into malware code, not just using it during attack preparation. This marks a significant shift in threat development. The malware can dynamically modify its own code during execution, which creates a

Microsoft Edge Gets Smarter About Detecting Tech Support Scams

Microsoft Edge Gets Smarter About Detecting Tech Support Scams

Microsoft added a new protective layer to Edge browser that connects local machine learning detection with cloud-based blocking. The system identifies scareware pages—those fake tech support warnings that try to frighten users into calling scammers—and feeds that intelligence to Defender SmartScreen for faster, broader protection. This represents a

Hackers Exploit Post SMTP Plugin to Hijack WordPress Administrator Accounts

Hackers Exploit Post SMTP Plugin to Hijack WordPress Administrator Accounts

Attackers are actively exploiting a critical vulnerability in Post SMTP, a WordPress plugin installed on over 400,000 websites. The flaw allows hackers to seize administrator accounts and take complete control of vulnerable sites. Post SMTP ranks among the most popular plugins for handling email on WordPress sites. Developers market