The Exploit Post

Sign in Subscribe

Latest

Anthropic Finds That Just 250 Malicious Documents Can Poison a Large Language Model

Anthropic Finds That Just 250 Malicious Documents Can Poison a Large Language Model

Researchers at Anthropic, working with the UK government’s AI Safety Institute, the Alan Turing Institute, and several academic partners, have demonstrated that as few as 250 maliciously crafted documents are enough to poison a large language model (LLM) — causing it to produce incoherent text whenever it encounters a specific

SonicWall Confirms Breach Exposed Firewall Configurations from All Cloud Backup Users

SonicWall Confirms Breach Exposed Firewall Configurations from All Cloud Backup Users

SonicWall has confirmed that the data breach reported last month compromised firewall configuration backups for all customers who used its cloud backup service, overturning earlier statements that suggested only a limited subset of users were affected. The exposed data comes from MySonicWall, the company’s customer portal used for product

The RondoDox Botnet Exploits 56 Vulnerabilities Across Dozens of Devices

The RondoDox Botnet Exploits 56 Vulnerabilities Across Dozens of Devices

Security researchers have uncovered a large-scale botnet dubbed RondoDox, which exploits 56 vulnerabilities across more than 30 types of internet-connected devices — including flaws first demonstrated at the Pwn2Own hacking competition. The campaign targets a wide spectrum of hardware such as digital and network video recorders (DVRs/NVRs), IP cameras, and

The Mic-E-Mouse attack turns an ordinary mouse into a listening device

The Mic-E-Mouse attack turns an ordinary mouse into a listening device

Researchers at the University of California, Irvine (UC Irvine) have demonstrated a surprising side-channel attack: high-DPI optical mice can pick up surface vibrations caused by speech, allowing attackers to reconstruct nearby words with troubling accuracy. Modern gaming and professional mice use ultra-sensitive optical sensors (20,000 DPI and above) that

Android Spyware “ClayRat” Targets Russian Users While Masquerading as WhatsApp, TikTok, and YouTube

Android Spyware “ClayRat” Targets Russian Users While Masquerading as WhatsApp, TikTok, and YouTube

A new strain of Android spyware called ClayRat is impersonating popular apps such as WhatsApp, Google Photos, TikTok, and YouTube to infect users in Russia. The malware is distributed through Telegram channels and phishing sites, stealing SMS messages, call logs, notifications, photos, and even placing calls on the victim’s

A Vulnerability in Figma MCP Allowed Remote Code Execution Overview

A Vulnerability in Figma MCP Allowed Remote Code Execution Overview

Researchers from Imperva have disclosed details about a now-patched vulnerability in the Figma developer MCP (Model Context Protocol) server. The flaw allowed remote attackers to execute arbitrary code and was assigned CVE-2025-53967 with a CVSS score of 7.5. Technical Details The issue stemmed from unsanitized user input, resulting in

Clop Attacks Oracle E-Business Suite Users with 0-Day Vulnerability

Clop Attacks Oracle E-Business Suite Users with 0-Day Vulnerability

Last week, Oracle warned customers about a critical 0-day vulnerability in its E-Business Suite (CVE-2025-61882) that allows remote execution of arbitrary code without authentication. It has now been confirmed that the Clop ransomware group has been actively exploiting this flaw in real-world attacks since August 2025. 0-Day Under Active Exploitation