The Exploit Post

Sign in Subscribe

Latest

Critical DNS Cache Poisoning Flaws Patched in BIND, the Internet's Most Widely Used DNS Server

Critical DNS Cache Poisoning Flaws Patched in BIND, the Internet's Most Widely Used DNS Server

The Internet Systems Consortium (ISC) has released emergency security updates for BIND 9, addressing three serious vulnerabilities that could allow attackers to poison DNS caches and redirect users to malicious websites—or simply knock DNS servers offline. Two of the flaws enable cache poisoning attacks that undermine protections established nearly

AI Browser Vulnerability Allows Attackers to Hijack ChatGPT and Perplexity Assistants

AI Browser Vulnerability Allows Attackers to Hijack ChatGPT and Perplexity Assistants

Security researchers have discovered a critical vulnerability affecting OpenAI's ChatGPT Atlas and Perplexity's Comet browsers that allows attackers to completely hijack the built-in AI assistants and trick users into executing malicious actions. The "AI Sidebar Spoofing" attack, disclosed by SquareX researchers, exploits a fundamental

Critical VM Escape Vulnerabilities Discovered in Oracle VirtualBox for ARM-Based Macs

Critical VM Escape Vulnerabilities Discovered in Oracle VirtualBox for ARM-Based Macs

Security researchers at BI.ZONE have uncovered a dangerous vulnerability chain in Oracle VirtualBox that could allow attackers to break out of virtual machines and compromise host systems running ARM-based macOS. The two flaws—CVE-2025-62592 and CVE-2025-61760—represent the first publicly known VM escape vulnerability chain since VirtualBox added ARM

Microsoft Issues Emergency Patch for Critical WSUS Vulnerability Under Active Exploitation

Microsoft Issues Emergency Patch for Critical WSUS Vulnerability Under Active Exploitation

Microsoft has released emergency out-of-band security updates to address a critical vulnerability in Windows Server Update Service (WSUS) after security researchers detected active exploitation attempts in the wild. The flaw, tracked as CVE-2025-59287, enables remote code execution on vulnerable servers and is particularly dangerous it could potentially spread between WSUS

Massive "YouTube Ghost Network" Distributed Malware Through 3,000+ Fake Tutorial Videos

Massive "YouTube Ghost Network" Distributed Malware Through 3,000+ Fake Tutorial Videos

Four-year campaign hijacked legitimate channels to push info-stealers disguised as cracked software and game cheats, with activity tripling in 2025 Google has removed over 3,000 malicious videos from YouTube that formed part of a sophisticated malware distribution network active since 2021, security researchers revealed this week. The campaign, dubbed

"Jingle Thief" Hackers Steal Millions Through Gift Card Fraud Scheme

"Jingle Thief" Hackers Steal Millions Through Gift Card Fraud Scheme

Moroccan cybercrime group infiltrates retailers' cloud systems to mass-issue unauthorized gift cards, maintaining hidden access for over a year A sophisticated hacking operation is targeting retail and consumer service companies worldwide, exploiting cloud infrastructure vulnerabilities to generate and steal gift cards worth potentially millions of dollars. The group, dubbed

(Untitled)

(Untitled)

Four vulnerabilities affecting 13 Omada gateway models enable attackers to execute commands and gain root access—some requiring no authentication TP-Link has issued urgent security advisories warning that critical vulnerabilities in its Omada gateway lineup could allow attackers to completely compromise business networks, steal data, and establish persistent backdoors. The