The Exploit Post

Sign in Subscribe

Latest

TEE.fail Attack Breaks Through Intel and AMD Confidential Computing Protections

TEE.fail Attack Breaks Through Intel and AMD Confidential Computing Protections

Researchers have successfully demonstrated a new attack method called TEE.fail. This technique extracts cryptographic keys and sensitive data from secure enclaves built into Intel processors (SGX, TDX) and AMD processors (SEV-SNP). These secure zones, known as Trusted Execution Environments (TEE), separate themselves from the operating system. Manufacturers built them

Brash Vulnerability Can Crash Chromium Browsers in Seconds

Brash Vulnerability Can Crash Chromium Browsers in Seconds

I'll analyze your article as both an editor and cybersecurity journalist, then provide a rewritten version. Editorial Assessment: Grammar: Strong overall, with minor issues: * "Information security researcher" could be simply "Security researcher" * "The core of the problem is that" – slightly wordy * "

Russian Police Arrest Creators of Meduza Stealer Malware

Russian Police Arrest Creators of Meduza Stealer Malware

Russian law enforcement has arrested members of a cybercrime group responsible for creating and operating the Meduza stealer, a malware-as-a-service operation that targeted credentials and cryptocurrency wallets for nearly two years. The Department for Countering Cybercrime of the Russian Ministry of Internal Affairs, working with Astrakhan region law enforcement, detained

Fastwel Patches Critical PLC Vulnerabilities That Allowed Code Execution

Fastwel Patches Critical PLC Vulnerabilities That Allowed Code Execution

Russian industrial equipment manufacturer Fastwel has released security updates for two programmable logic controller (PLC) models, addressing nine serious vulnerabilities that could allow attackers to execute arbitrary code and take complete control of the devices. The vulnerabilities affect Fastwel's CPM723-01 and CPM810-03 controllers, which are widely deployed across

The Herodotus Trojan: Banking Malware That Types Like a Human to Beat Detection

The Herodotus Trojan: Banking Malware That Types Like a Human to Beat Detection

A new banking Trojan called Herodotus has emerged in Italy and Brazil, and it brings something we haven't seen before in Android malware: the ability to mimic human typing patterns to fool behavioral analysis systems. ThreatFabric researchers first spotted Herodotus advertised on hacker forums on September 7, 2025,

Atroposia MaaS Platform Offers Subscription-Based RAT with Integrated Vulnerability Scanner

Atroposia MaaS Platform Offers Subscription-Based RAT with Integrated Vulnerability Scanner

A new Malware-as-a-Service platform is democratizing sophisticated cyberattacks by offering a feature-rich remote access trojan for just $200 per month, complete with built-in vulnerability scanning capabilities that enable attackers to identify and exploit weaknesses across enterprise networks. Varonis Threat Labs researchers have uncovered Atroposia, a subscription-based malware platform that packages

PhantomRaven Campaign: Attackers Exploit npm Vulnerability to Deploy 126 Malicious Packages with 86,000+ Downloads

PhantomRaven Campaign: Attackers Exploit npm Vulnerability to Deploy 126 Malicious Packages with 86,000+ Downloads

A sophisticated supply chain attack has compromised the npm ecosystem, with threat actors uploading over 100 malicious packages that exploit an obscure feature to bypass security detection and steal developer credentials. Koi Security researchers have uncovered the PhantomRaven campaign, active since August 2024, which has successfully delivered infostealers through 126