The Exploit Post

Sign in Subscribe

Latest

W3 Total Cache Vulnerability: Update Mandatory

W3 Total Cache Vulnerability: Update Mandatory

Vulnerability in WordPress Plugin W3 Total Cache Allows PHP Command Injection A critical vulnerability, CVE-2025-9501, has been discovered in the popular WordPress plugin W3 Total Cache. This flaw allows arbitrary PHP commands to be executed on the server without authentication. To carry out an attack, an attacker need only post

Austrian Researchers Collected Personal Data of 3.5 Billion WhatsApp Users

Austrian Researchers Collected Personal Data of 3.5 Billion WhatsApp Users

Researchers from the University of Vienna announced that they discovered a vulnerability in WhatsApp that allowed them to collect data on more than 3.5 billion users. In their assessment, this could represent the largest data leak in history. Exploitation Methodology The report's authors note that WhatsApp allows

Malicious Actors Exploit RCE Vulnerability in 7-Zip

Malicious Actors Exploit RCE Vulnerability in 7-Zip

NHS England Digital is warning about active exploitation of vulnerability CVE-2025-11001 in the 7-Zip archiver. Users are urged to update to version 25.00, released in July 2025. Vulnerability Details CVE-2025-11001 (CVSS score: 7.0) involves improper handling of symbolic links in ZIP files. A specially crafted archive can force

Hackers Deface Website of DPI Technology Provider Protei and Claim Leak of 182 GB of Data

Hackers Deface Website of DPI Technology Provider Protei and Claim Leak of 182 GB of Data

An unknown hacker group claims to have breached the servers of telecommunications company Protei and stolen approximately 182 gigabytes of data, including several years of email correspondence. The attackers, whose motives remain unclear, also defaced the company's website with a profane message. Company Background Per TechCrunch reporting, Protei

Approximately 50,000 Asus Routers Compromised in WrtHug Campaign

Approximately 50,000 Asus Routers Compromised in WrtHug Campaign

Researchers at SecurityScorecard have uncovered a large-scale malicious campaign called WrtHug, which has compromised approximately 50,000 Asus routers worldwide. Attackers are exploiting six known vulnerabilities, primarily targeting older models from the AC and AX series. Geographic Distribution and Attribution The majority of infected devices are located in Taiwan, with

Google Chrome Patches Zero-Day Vulnerability Already Exploited by Hackers

Google Chrome Patches Zero-Day Vulnerability Already Exploited by Hackers

Google has released an emergency patch for Chrome, fixing zero-day vulnerability CVE-2025-13223. This marks the seventh zero-day vulnerability exploited in real-world attacks and patched in the browser this year. The patched issue involves a type confusion error in the V8 JavaScript engine and WebAssembly. Clement Lecigne from Google's

Global Cloudflare Outage Caused by Configuration Error, Not Attack

Global Cloudflare Outage Caused by Configuration Error, Not Attack

Cloudflare CEO Matthew Prince has explained the cause of the massive outage that disrupted the company's global network and numerous websites on November 18, 2025. A database permission configuration error triggered the incident, though the company initially suspected a large-scale DDoS attack. Prince wrote that the problem occurred