The Exploit Post

Sign in Subscribe

Latest

Court Bans NSO Group from Targeting WhatsApp Users with Pegasus Spyware

Court Bans NSO Group from Targeting WhatsApp Users with Pegasus Spyware

A U.S. federal court has permanently banned Israeli spyware developer NSO Group—creator of the infamous Pegasus surveillance tool—from using its software to attack or monitor WhatsApp users. Pegasus, sold as “lawful surveillance software,” has long been marketed to governments for counterterrorism and criminal investigations. However, the spyware

PassiveNeuron Targets Windows Servers in Global Attack Campaign

PassiveNeuron Targets Windows Servers in Global Attack Campaign

Researchers from Kaspersky Lab have uncovered a new wave of PassiveNeuron infections that ran from December 2024 to August 2025, targeting government, financial, and industrial organizations across Asia, Africa, and Latin America. The campaign’s most notable feature is its focus on Windows Server operating systems, which form the backbone

DNS0.eu Shuts Down, Citing Lack of Time and Resources

DNS0.eu Shuts Down, Citing Lack of Time and Resources

The non-profit DNS service DNS0.eu, designed to provide secure and privacy-focused DNS resolution for European users, has officially shut down. The project’s operators announced that the service has been discontinued due to limited time and resources. Based in France, DNS0.eu was built as a fault-tolerant European infrastructure,

PolarEdge Botnet Targets Cisco, ASUS, QNAP and Synology Devices

PolarEdge Botnet Targets Cisco, ASUS, QNAP and Synology Devices

Researchers at Sekoia have mapped the internal structure of the PolarEdge botnet, a modular backdoor campaign that consolidates infected networking and NAS devices into a distributed botnet. First described in February 2025, PolarEdge has since been linked to attacks against Cisco, ASUS, QNAP, and Synology hardware; however, the operators’ ultimate

Microsoft Patches the Most Severe ASP.NET Vulnerability on Record

Microsoft Patches the Most Severe ASP.NET Vulnerability on Record

Microsoft has fixed what experts are calling the most severe ASP.NET vulnerability in history—a critical flaw rated 9.9 out of 10 on the CVSS scale. The vulnerability, tracked as CVE-2025-55315, affects the ASP.NET Core Kestrel web server and stems from an HTTP request smuggling weakness. The

GlassWorm Worm Discovered in OpenVSX and VS Code

GlassWorm Worm Discovered in OpenVSX and VS Code

Koi Security researchers have uncovered a large-scale supply chain attack targeting both OpenVSX and the Visual Studio Code Marketplace. The attackers are distributing self-replicating malware known as GlassWorm, which has already been installed roughly 35,800 times. Infected Extensions Researchers identified twelve compromised extensions — eleven hosted on OpenVSX and one

October Update Breaks USB Functionality in Windows Recovery Mode

October Update Breaks USB Functionality in Windows Recovery Mode

Microsoft has confirmed that its October security update disables USB input devices in the Windows Recovery Environment (WinRE), rendering wired mice and keyboards unusable during system recovery. What Happened The issue stems from the October 2025 cumulative update KB5066835, which introduces a bug that prevents USB peripherals from functioning inside