The Exploit Post

Sign in Subscribe

Red Dog Security

AI-Generated npm Package Stole Cryptocurrency, Downloaded 1,500+ Times

AI-Generated npm Package Stole Cryptocurrency, Downloaded 1,500+ Times

Security researchers at Safety have uncovered a malicious npm package, likely AI-generated, that was designed to steal cryptocurrency wallet data from unsuspecting developers. Key Details * Package Name: @kodane/patch-manager (now removed from npm) * Disguise: Posed as a performance optimization tool, claiming to provide “advanced license validation and registry optimization for

Google Tool Allowed Removal of Pages from Search Results

Google Tool Allowed Removal of Pages from Search Results

Investigators have uncovered a vulnerability in Google’s "Refresh Outdated Content" tool that allowed unauthorized removal of search result entries—allegedly exploited to suppress negative reporting about the CEO of a major San Francisco tech company. How It Happened The flaw came to light following reports by journalist

Pi-hole Suffers Data Leak Due to WordPress Plugin Vulnerability

Pi-hole Suffers Data Leak Due to WordPress Plugin Vulnerability

The developers behind Pi-hole, the widely used DNS-level ad blocker, have disclosed a data leak exposing the names and email addresses of thousands of donors. The breach stemmed from a vulnerability in the GiveWP WordPress plugin used on their donation page. What Happened? Pi-hole, originally designed for Raspberry Pi devices,

Mozilla Warns Extension Developers About Phishing Attacks

Mozilla Warns Extension Developers About Phishing Attacks

Mozilla has issued an urgent warning to browser extension developers about an ongoing phishing campaign targeting accounts on the official addons.mozilla.org (AMO) platform. AMO hosts more than 60,000 extensions and 500,000 themes, serving millions of users around the world. How the Attack Works The phishing scheme

Kali Linux Can Now Run in Containers on macOS

Kali Linux Can Now Run in Containers on macOS

The Kali Linux team has officially announced support for running Kali in containers on macOS Sequoia, leveraging Apple’s new virtualization and containerization features. This marks a significant step for developers and security professionals who use Apple Silicon devices and want direct access to Kali’s tools without a full

Some goo.gl Short Links Will Continue to Work

Some goo.gl Short Links Will Continue to Work

Google has reversed its original decision to fully shut down the goo.gl URL shortening service by August 2025. After significant user feedback, the company confirmed that some links will remain active past the previously announced cutoff date. Background Launched in 2009, goo.gl was Google’s official URL shortening

Vulnerability in Google’s Gemini CLI AI Assistant Allowed Arbitrary Code Execution

Vulnerability in Google’s Gemini CLI AI Assistant Allowed Arbitrary Code Execution

A newly discovered vulnerability in Google’s Gemini CLI—a command-line interface for its AI coding assistant—could have allowed attackers to silently run malicious code on developers’ machines, exfiltrate sensitive data, and compromise trusted workflows. Security researchers at Tracebit identified the issue just two days after the tool’s