The Exploit Post

Sign in Subscribe

Red Dog Security

Critical Bug in WD My Cloud Allows Remote Command Injection

Critical Bug in WD My Cloud Allows Remote Command Injection

Western Digital has released firmware updates for multiple My Cloud NAS models to patch a critical vulnerability that could allow attackers to execute arbitrary commands remotely. The flaw, tracked as CVE-2025-30247, is a command injection vulnerability in the My Cloud user interface. It can be exploited through specially crafted HTTP

Crimson Collective Claims Theft of 570 GB of Data from Red Hat

Crimson Collective Claims Theft of 570 GB of Data from Red Hat

The ransomware group Crimson Collective claims to have stolen 570 GB of data from more than 28,000 internal Red Hat repositories. Company representatives have confirmed that one of its GitLab instances was compromised. According to the attackers, the stolen data includes approximately 800 Customer Engagement Reports (CERs), documents prepared

Hackers Exploit Milesight Industrial Routers to Send Phishing SMS Campaigns

Hackers Exploit Milesight Industrial Routers to Send Phishing SMS Campaigns

Fraudsters are abusing unsecured Milesight industrial routers to deliver large-scale phishing SMS messages. According to researchers at Sekoia, these campaigns have been active since 2023. The routers, manufactured by the Chinese company Milesight IoT Co., Ltd., are widely deployed IoT devices. They connect critical infrastructure such as traffic lights, electricity

New Android Banking Trojan "Klopatra" Uses VNC to Control Smartphones

New Android Banking Trojan "Klopatra" Uses VNC to Control Smartphones

A newly discovered Android banking trojan and remote access tool (RAT), dubbed Klopatra, is disguising itself as an IPTV and VPN application. The malware has already infected more than 3,000 devices and gives attackers near-complete control of compromised smartphones. Capabilities and Features Klopatra can track the device’s screen

AI Will Detect Ransomware in Google Drive

AI Will Detect Ransomware in Google Drive

Google has unveiled a new AI-powered security feature for Drive for desktop. Trained on millions of real ransomware samples, the system can detect suspicious activity and suspend synchronization to help contain the damage from a crypto-ransomware attack. How It Works Drive for desktop is an application that syncs local files

Tile Trackers Transmit Data in Plain Text, Researchers Warn

Tile Trackers Transmit Data in Plain Text, Researchers Warn

Researchers at the Georgia Institute of Technology have discovered that Tile Bluetooth trackers transmit identification data in plain text—making it possible to identify and track their owners. According to the team, multiple weaknesses in Tile devices contradict the security and privacy assurances offered by manufacturer Life360. Most notably, Tile

MatrixPDF Converts PDF Files into Phishing Lures

MatrixPDF Converts PDF Files into Phishing Lures

A new phishing toolkit called MatrixPDF has been uncovered, allowing attackers to transform ordinary PDF files into interactive lures that bypass email security and redirect victims to credential theft pages or malware downloads. Researchers from Varonis, who identified the tool, note that MatrixPDF is marketed as a phishing simulator and