The Exploit Post

Sign in Subscribe

Latest

Microsoft Blocks File Previews to Stop Zero-Click Credential Theft

Microsoft Blocks File Previews to Stop Zero-Click Credential Theft

Windows 11 update disables preview pane for downloaded files after attackers exploit feature to steal authentication credentials Microsoft has disabled File Explorer's preview feature for files downloaded from the internet, closing a security gap that allowed attackers to steal Windows credentials without victims ever opening a file. The

Sophisticated Android Backdoor Hijacks 58,000+ Telegram Accounts Through Fake Apps

Sophisticated Android Backdoor Hijacks 58,000+ Telegram Accounts Through Fake Apps

Baohuo malware hides in modified Telegram X apps, giving attackers complete control while remaining invisible to victims Security researchers have uncovered a sophisticated Android backdoor targeting Telegram users in Brazil and Indonesia, marking the first known case of malware using Redis databases for command-and-control operations on mobile devices. The malware,

AWS Outage Exposes Critical Flaws in Eight Sleep's Cloud-Dependent Smart Beds

AWS Outage Exposes Critical Flaws in Eight Sleep's Cloud-Dependent Smart Beds

When Amazon's servers failed, thousands of customers found their $5,000+ mattresses locked in uncomfortable positions—or dangerously overheating This week's massive Amazon Web Services (AWS) outage didn't just disrupt banking and airline operations—it turned premium smart mattresses into what users are calling

TARmageddon: Remote Code Execution Vulnerability Found in Abandoned Rust Library

TARmageddon: Remote Code Execution Vulnerability Found in Abandoned Rust Library

A critical vulnerability, dubbed TARmageddon and tracked as CVE-2025-62518, has been discovered in the async-tar library for Rust and its forks—including the widely used tokio-tar. The flaw allows unauthenticated attackers to execute arbitrary code remotely by exploiting a logic error in how the library processes TAR archives. A Desynchronization

ColdRiver Deploys ClickFix Attacks and Fake CAPTCHAs in New Campaign

ColdRiver Deploys ClickFix Attacks and Fake CAPTCHAs in New Campaign

Researchers from Google Threat Intelligence Group (GTIG) report that the Russian-speaking threat actor ColdRiver has stepped up its activity, adopting new malware families—NoRobot, YesRobot, and MaybeRobot—delivered through complex, socially engineered ClickFix attacks. How ClickFix Works ClickFix attacks rely heavily on social engineering. Victims are lured to malicious websites

Court Bans NSO Group from Targeting WhatsApp Users with Pegasus Spyware

Court Bans NSO Group from Targeting WhatsApp Users with Pegasus Spyware

A U.S. federal court has permanently banned Israeli spyware developer NSO Group—creator of the infamous Pegasus surveillance tool—from using its software to attack or monitor WhatsApp users. Pegasus, sold as “lawful surveillance software,” has long been marketed to governments for counterterrorism and criminal investigations. However, the spyware

PassiveNeuron Targets Windows Servers in Global Attack Campaign

PassiveNeuron Targets Windows Servers in Global Attack Campaign

Researchers from Kaspersky Lab have uncovered a new wave of PassiveNeuron infections that ran from December 2024 to August 2025, targeting government, financial, and industrial organizations across Asia, Africa, and Latin America. The campaign’s most notable feature is its focus on Windows Server operating systems, which form the backbone