The Exploit Post

Sign in Subscribe

Red Dog Security

Malicious Actors Exploit RCE Vulnerability in 7-Zip

Malicious Actors Exploit RCE Vulnerability in 7-Zip

NHS England Digital is warning about active exploitation of vulnerability CVE-2025-11001 in the 7-Zip archiver. Users are urged to update to version 25.00, released in July 2025. Vulnerability Details CVE-2025-11001 (CVSS score: 7.0) involves improper handling of symbolic links in ZIP files. A specially crafted archive can force

Hackers Deface Website of DPI Technology Provider Protei and Claim Leak of 182 GB of Data

Hackers Deface Website of DPI Technology Provider Protei and Claim Leak of 182 GB of Data

An unknown hacker group claims to have breached the servers of telecommunications company Protei and stolen approximately 182 gigabytes of data, including several years of email correspondence. The attackers, whose motives remain unclear, also defaced the company's website with a profane message. Company Background Per TechCrunch reporting, Protei

Approximately 50,000 Asus Routers Compromised in WrtHug Campaign

Approximately 50,000 Asus Routers Compromised in WrtHug Campaign

Researchers at SecurityScorecard have uncovered a large-scale malicious campaign called WrtHug, which has compromised approximately 50,000 Asus routers worldwide. Attackers are exploiting six known vulnerabilities, primarily targeting older models from the AC and AX series. Geographic Distribution and Attribution The majority of infected devices are located in Taiwan, with

Google Chrome Patches Zero-Day Vulnerability Already Exploited by Hackers

Google Chrome Patches Zero-Day Vulnerability Already Exploited by Hackers

Google has released an emergency patch for Chrome, fixing zero-day vulnerability CVE-2025-13223. This marks the seventh zero-day vulnerability exploited in real-world attacks and patched in the browser this year. The patched issue involves a type confusion error in the V8 JavaScript engine and WebAssembly. Clement Lecigne from Google's

Global Cloudflare Outage Caused by Configuration Error, Not Attack

Global Cloudflare Outage Caused by Configuration Error, Not Attack

Cloudflare CEO Matthew Prince has explained the cause of the massive outage that disrupted the company's global network and numerous websites on November 18, 2025. A database permission configuration error triggered the incident, though the company initially suspected a large-scale DDoS attack. Prince wrote that the problem occurred

RondoDox Botnet Exploits XWiki Vulnerability to Compromise Servers

RondoDox Botnet Exploits XWiki Vulnerability to Compromise Servers

Security researchers are warning about a new attack wave from the RondoDox botnet exploiting a critical remote code execution vulnerability in XWiki Platform (CVE-2025-24893). CISA has already added the flaw to its catalog of actively exploited vulnerabilities, with exploitation attempts increasing since early November. RondoDox first appeared on researchers'

Malicious npm Packages Abuse Adspect Redirects

Malicious npm Packages Abuse Adspect Redirects

Researchers at Socket have discovered seven malicious packages in npm that exploit the Adspect cloud service to mask their activity while redirecting victims to cryptocurrency scam websites. Adspect markets itself as a tool for protecting websites from bots. However, this campaign demonstrates the service can serve the opposite purpose—concealing