The Exploit Post

Sign in Subscribe

Red Dog Security

Critical Triofox Vulnerability Exploited: Hackers Deploy Remote Access Tools via Antivirus Feature

Critical Triofox Vulnerability Exploited: Hackers Deploy Remote Access Tools via Antivirus Feature

Google researchers have issued a warning: attackers are actively exploiting a critical vulnerability in Gladinet Triofox to execute remote code with SYSTEM privileges, bypassing authentication and seizing full control of systems. The Vulnerability The flaw, designated CVE-2025-12480, carries a CVSS score of 9.1 and stems from flawed access control

"123456," "admin," and "password" Still Dominate Most Popular Passwords in 2025

"123456," "admin," and "password" Still Dominate Most Popular Passwords in 2025

Despite years of cybersecurity warnings, the passwords "123456," "admin," and "password" remain among the most commonly used combinations, according to new research from Comparitech analyzing over two billion passwords leaked in 2025. Same Bad Habits, Different Year Comparitech specialists examined passwords distributed on hacking

'Bitcoin Queen' Sentenced to 11 Years for Laundering $7.3 Billion Crypto Pyramid Scheme

'Bitcoin Queen' Sentenced to 11 Years for Laundering $7.3 Billion Crypto Pyramid Scheme

A London court sentenced 47-year-old Chinese national Zhimin Qian, also known as Yadi Zhang, to 11 years and 8 months in prison for laundering bitcoin from China's largest cryptocurrency investment pyramid scheme. The fraud affected over 128,000 victims between 2014 and 2017, causing losses exceeding $7.3

Konni Group Weaponizes Google Find Hub to Remotely Wipe Android Devices

Konni Group Weaponizes Google Find Hub to Remotely Wipe Android Devices

The North Korean hacking group Konni is exploiting Google Find Hub (formerly Find My Device) to track victims' GPS locations and remotely factory reset their Android devices—a destructive tactic marking a shift from the group's typical data theft operations. Attack Campaign Targets South Korean Users Cybersecurity

Norton Researchers Exploit Flaw in Midnight Ransomware, Release Free Decryptor

Norton Researchers Exploit Flaw in Midnight Ransomware, Release Free Decryptor

Norton security researchers discovered a critical weakness in Midnight ransomware—a variant built on leaked Babuk source code from 2021. Despite positioning itself as an "advanced" version with improved encryption, the malware's developers made implementation mistakes that allowed Norton to create a free decryption tool for

FBI Demands Identity of Archive.Today Operator in Criminal Investigation

FBI Demands Identity of Archive.Today Operator in Criminal Investigation

The FBI wants to know who runs archive.today, one of the internet's largest and most controversial web archiving services. On October 30, 2024, federal agents sent a legal demand to domain registrar Tucows requiring disclosure of the site operator's identity and personal information. The request,

Three Critical Vulnerabilities in runC Enable Docker Container Escapes

Three Critical Vulnerabilities in runC Enable Docker Container Escapes

Security researchers have identified three serious vulnerabilities in runC, the container runtime that powers Docker and Kubernetes. These flaws allow attackers to break out of container isolation and gain root access to the host system. SUSE engineer Aleksa Sarai, who also serves on the Open Container Initiative (OCI) board, reported