The Exploit Post

Sign in Subscribe

Red Dog Security

Daily CVE report with the latest security vulnerabilities and exploits. Stay informed with real-time updates and expert insights on emerging cyber threats.

Daily CVE report with the latest security vulnerabilities and exploits. Stay informed with real-time updates and expert insights on emerging cyber threats.

CVE-2025-54987 Description: A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture. Source: Trend Micro, Inc. Analysis CVE-2025-54987 and CVE-2025-54948

Efimer Steals Cryptocurrency, Hacks WordPress, and Sends Spam

Efimer Steals Cryptocurrency, Hacks WordPress, and Sends Spam

Researchers at Kaspersky have identified a wave of cyberattacks involving the Efimer Trojan. The malware spreads through compromised WordPress websites, torrents, and phishing emails. Its primary purpose is to steal and replace cryptocurrency wallet addresses. With the help of additional scripts, it can also brute-force passwords for WordPress sites and

Wikipedia Editors Will Quickly Remove AI-Generated Articles

Wikipedia Editors Will Quickly Remove AI-Generated Articles

Wikipedia has adopted new rules to address a growing flood of AI-generated articles. Under the policy, administrators can now swiftly remove such articles—without the usual week-long debate—if they meet specific criteria. The encyclopedia is maintained by a global community of volunteers who often spend days debating both edits

60 Malicious Packages Found in RubyGems, Downloaded 275,000 Times

60 Malicious Packages Found in RubyGems, Downloaded 275,000 Times

Security researchers have uncovered 60 malicious packages on RubyGems, the package manager for the Ruby programming language. Disguised as harmless automation tools for social media, blogs, and messaging platforms, the gems stole user credentials and, since March 2023, have been downloaded more than 275,000 times. Experts at Socket, who

Paper Werewolf Exploits WinRAR Vulnerabilities in Espionage Campaigns

Paper Werewolf Exploits WinRAR Vulnerabilities in Espionage Campaigns

In July and early August 2025, the espionage-focused hacking group Paper Werewolf targeted multiple organizations in Russia and Uzbekistan. The campaign relied on phishing emails containing RAR archives that appeared to hold important documents but instead carried malware. The attackers exploited two vulnerabilities in WinRAR that allowed malicious software to

Daily CVE report with the latest security vulnerabilities and exploits. Stay informed with real-time updates and expert insights on emerging cyber threats.

Daily CVE report with the latest security vulnerabilities and exploits. Stay informed with real-time updates and expert insights on emerging cyber threats.

CVE-2025-8022 Rejected This CVE has been marked Rejected in the CVE List. These CVEs are stored in the NVD, but do not show up in search results by default. NVD Published Date: 07/23/2025 NVD Last Modified: 08/11/2025 Description Rejected reason: Bun Shell does not invoke /bin/

SonicWall Denies 0-Day Exploit, Links Recent Attacks to 2024 Vulnerability

SonicWall Denies 0-Day Exploit, Links Recent Attacks to 2024 Vulnerability

SonicWall has confirmed that recent attacks targeting its 7th-generation firewalls with SSL VPN enabled were the work of the Akira ransomware group exploiting an old vulnerability—CVE-2024-40766—rather than a suspected zero-day. Key Findings Following an investigation into 40 incidents, SonicWall determined that attackers leveraged CVE-2024-40766, a critical SSL VPN