The Exploit Post

Sign in Subscribe

Red Dog Security

Cybersecurity Researcher Earns $250,000 for Chrome Sandbox Escape Vulnerability

Cybersecurity Researcher Earns $250,000 for Chrome Sandbox Escape Vulnerability

A security researcher known by the alias Micky has received a record-breaking $250,000 bounty from Google for discovering a critical Chrome vulnerability that allowed attackers to bypass the browser’s sandbox. The flaw, tracked as CVE-2025-4609, was first identified in April 2025 and patched in mid-May with the release

WinRAR 0-Day Vulnerability Exploited in Phishing Attacks

WinRAR 0-Day Vulnerability Exploited in Phishing Attacks

Security researchers at ESET have confirmed that a recently patched flaw in WinRAR (CVE-2025-8088) was exploited as a zero-day in phishing campaigns to deliver the RomCom malware. The vulnerability, a directory traversal issue, was addressed in late July with the release of WinRAR version 7.13. It allowed attackers to

Google Ads Customer Data Leaked in Salesforce Hack

Google Ads Customer Data Leaked in Salesforce Hack

Google has confirmed that a recent data breach tied to a Salesforce compromise exposed information belonging to Google Ads customers. Last week, the company acknowledged it was impacted by a leak attributed to the hacker group ShinyHunters, which in recent months has been systematically targeting Salesforce CRM platforms. In June

Silent Crow Publishes Data Stolen from Aeroflot

Silent Crow Publishes Data Stolen from Aeroflot

Members of the Silent Crow group, which claimed responsibility for the late-July cyberattack on Aeroflot, have begun releasing data allegedly stolen from the airline. According to media reports, the leak includes sensitive medical records belonging to pilots and other airline employees. The attack occurred on July 28, 2025, when Aeroflot

Daily CVE report with the latest security vulnerabilities and exploits. Stay informed with real-time updates and expert insights on emerging cyber threats.

Daily CVE report with the latest security vulnerabilities and exploits. Stay informed with real-time updates and expert insights on emerging cyber threats.

CVE-2025-54987 Description: A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture. Source: Trend Micro, Inc. Analysis CVE-2025-54987 and CVE-2025-54948

Efimer Steals Cryptocurrency, Hacks WordPress, and Sends Spam

Efimer Steals Cryptocurrency, Hacks WordPress, and Sends Spam

Researchers at Kaspersky have identified a wave of cyberattacks involving the Efimer Trojan. The malware spreads through compromised WordPress websites, torrents, and phishing emails. Its primary purpose is to steal and replace cryptocurrency wallet addresses. With the help of additional scripts, it can also brute-force passwords for WordPress sites and

Wikipedia Editors Will Quickly Remove AI-Generated Articles

Wikipedia Editors Will Quickly Remove AI-Generated Articles

Wikipedia has adopted new rules to address a growing flood of AI-generated articles. Under the policy, administrators can now swiftly remove such articles—without the usual week-long debate—if they meet specific criteria. The encyclopedia is maintained by a global community of volunteers who often spend days debating both edits