The Exploit Post

Sign in Subscribe

Red Dog Security

Two Million Cisco Devices Threatened by Actively Exploited 0-Day Vulnerability

Two Million Cisco Devices Threatened by Actively Exploited 0-Day Vulnerability

Cisco has warned that a critical zero-day vulnerability (CVE-2025-20352) affecting IOS and IOS XE is being actively exploited. The flaw could allow remote denial-of-service (DoS) attacks or arbitrary code execution on a wide range of the company’s networking devices. Widespread Exposure According to Cisco, the vulnerability is present in

ShadowV2 Botnet Uses Misconfigured Docker Containers for DDoS Attacks

ShadowV2 Botnet Uses Misconfigured Docker Containers for DDoS Attacks

Darktrace researchers have uncovered a new distributed denial-of-service (DDoS) botnet that exploits misconfigured Docker containers. Instead of operating like a conventional botnet, ShadowV2 sells access to infected systems, allowing clients to launch their own attacks. A New Take on DDoS-as-a-Service ShadowV2 breaks from the traditional model of for-hire DDoS services.

Operator of Ransomware Involved in European Airport Disruptions Arrested

Operator of Ransomware Involved in European Airport Disruptions Arrested

The British National Crime Agency (NCA) has arrested a suspect linked to a ransomware attack that disrupted operations at several European airports earlier this week. Late last week, hackers targeted Collins Aerospace, the American company behind the ARINC SelfServ vMUSE system—self-service kiosks used by passengers to check in, drop

Kali Linux 2025.3 Released with Ten New Tools

Kali Linux 2025.3 Released with Ten New Tools

The developers of Kali Linux have announced version 2025.3, the third release of the year. The update introduces ten new tools, Nexmon support, and multiple NetHunter enhancements. Nexmon Support Returns Nexmon is a framework for patching the firmware of Broadcom and Cypress Wi-Fi chips, enabling monitor mode and frame

Valve Advises Users of Malicious Steam Game BlockBlasters to Reinstall Their OS

Valve Advises Users of Malicious Steam Game BlockBlasters to Reinstall Their OS

Valve is warning users who installed and ran the malicious Steam game BlockBlasters to take immediate action. Affected players are advised to scan their systems with antivirus tools and, in severe cases, consider a full operating system reinstallation. How the Attack Came to Light The malicious game drew attention earlier

Unpatched Vulnerability in OnePlus Devices Lets Any App Read SMS

Unpatched Vulnerability in OnePlus Devices Lets Any App Read SMS

Security specialists at Rapid7 have discovered a serious flaw in multiple versions of OxygenOS, the Android-based operating system used in OnePlus devices. The vulnerability allows any installed application to access SMS data and metadata—without permissions or user interaction. Discovery and Disclosure The issue, tracked as CVE-2025-10184, remains unpatched. Rapid7

Malicious npm Package Used QR Codes to Deliver Cookie-Stealing Malware

Malicious npm Package Used QR Codes to Deliver Cookie-Stealing Malware

Researchers have uncovered a malicious npm package named fezbox that steals victims’ cookies by downloading an obfuscated payload hidden inside a dense QR code. Specialists at Socket say the attackers used QR codes as a covert delivery channel. The package contains instructions to fetch a JPG that holds a high-density