The Exploit Post

Sign in Subscribe

Red Dog Security

WordPress Plugin Gravity Forms Hacked – Backdoor Found in Official Installers

WordPress Plugin Gravity Forms Hacked – Backdoor Found in Official Installers

The popular WordPress plugin Gravity Forms has become the latest victim of a supply chain attack, with official installers from its website found to be infected with a dangerous backdoor. Gravity Forms is a premium plugin used to build contact forms, payment forms, and a wide range of other user-input

McDonald’s Recruiting AI Bot Exposed Millions of Applicants’ Data Due to Password “123456”

McDonald’s Recruiting AI Bot Exposed Millions of Applicants’ Data Due to Password “123456”

Renowned cybersecurity experts Sam Curry and Ian Carroll have uncovered a massive data exposure involving Olivia, the AI-powered chatbot McDonald’s uses to screen job applicants. The researchers found that a database tied to the bot contained over 64 million records, all exposed due to the use of the password

Extensions Turn Nearly a Million Browsers into Scraping Bots

Extensions Turn Nearly a Million Browsers into Scraping Bots

Chrome, Firefox, and Edge extensions—installed nearly a million times—are quietly turning users' browsers into commercial scraping tools, bypassing security measures and violating user trust. According to analysts at SecurityAnnex, a total of 245 malicious extensions have amassed approximately 909,000 downloads. While marketed for innocuous functions—such

Critical Vulnerability Patched in FreeIPA Domain Controller for Linux Systems

Critical Vulnerability Patched in FreeIPA Domain Controller for Linux Systems

Red Hat has issued a patch for a critical vulnerability in FreeIPA, a widely used domain controller for Linux systems. The flaw—CVE-2025-4404, rated CVSS 9.4—was discovered by Mikhail Sukhov, a researcher at Positive Technologies. FreeIPA is commonly deployed to manage user identities, authentication policies, and audit logging

Beyond Log4Shell: Two Overlooked Log4j Vulnerabilities That Still Linger

Beyond Log4Shell: Two Overlooked Log4j Vulnerabilities That Still Linger

While the infamous Log4Shell (CVE-2021-44228) and its related flaws dominated headlines in December 2021, two other critical vulnerabilities—Denial-of-Service (DoS) and data leakage—remained largely overlooked. Officially acknowledged only in September 2022, these issues were quietly absorbed into the original set of CVEs, leaving them unpatched and underreported as distinct

Millions of Cars Exposed to Bluetooth Attacks via PerfektBlue Vulnerabilities

Millions of Cars Exposed to Bluetooth Attacks via PerfektBlue Vulnerabilities

Critical flaws in OpenSynergy’s BlueSDK put Mercedes-Benz, Volkswagen, Skoda, and others at risk. Four newly disclosed vulnerabilities in the BlueSDK Bluetooth stack—developed by OpenSynergy—have exposed millions of vehicles to potential remote attacks. Collectively named PerfektBlue, these flaws enable remote code execution (RCE) and could grant attackers access

TapTrap Attack Exploits UI Animations to Bypass Android’s Permission System

TapTrap Attack Exploits UI Animations to Bypass Android’s Permission System

Security researchers have uncovered a new technique—dubbed TapTrap—that exploits Android’s user interface (UI) animations to bypass the platform’s permission system. The attack allows malicious apps to steal sensitive data or trick users into performing dangerous actions, including factory-resetting their devices. What Is TapTrap? TapTrap is a