The Exploit Post

Sign in Subscribe

Latest

DrayTek Patches RCE Vulnerability in Routers

DrayTek Patches RCE Vulnerability in Routers

DrayTek, a networking equipment manufacturer, has issued a warning about a critical vulnerability affecting several models of its Vigor routers. The flaw allows remote, unauthenticated attackers to execute arbitrary code on affected devices. The vulnerability, tracked as CVE-2025-10547, was discovered earlier this year by security researcher Pierre-Yves Maes of ChapsVision.

SharpUp

SharpUp

A tool for testing and improving the security of LLM applications: • Automatic evaluation of promptes and models • Vulnerability scanning • Model comparison • Integration with CI/CD

“Battering RAM” Attack Bypasses Security Features on Intel and AMD CPUs

Security researchers have unveiled a hardware attack, dubbed “Battering RAM,” that bypasses advanced memory protections on the latest Intel and AMD processors widely used in cloud infrastructure. While the findings are significant, both manufacturers note that the exploit requires physical access to the target system, limiting its practical threat. From

Researchers Reveal “Gemini Trifecta” Vulnerabilities in Google’s AI Assistant

Security researchers have disclosed details of three now-patched vulnerabilities in the Google Gemini AI assistant, collectively dubbed the “Gemini Trifecta.” If successfully exploited, the flaws could have tricked the AI into assisting in data theft and other malicious activities. The Three Vulnerabilities According to researchers at Tenable, the issues affected

Outlook Crash Error Can Only Be Fixed via Microsoft Support

Microsoft is investigating a bug that causes the classic Outlook email client to crash immediately upon launch. At present, the issue can only be resolved with assistance from Exchange Online support. Who Is Affected According to a recently published Microsoft document, the problem impacts Microsoft 365 customers using the classic

Critical Bug in WD My Cloud Allows Remote Command Injection

Critical Bug in WD My Cloud Allows Remote Command Injection

Western Digital has released firmware updates for multiple My Cloud NAS models to patch a critical vulnerability that could allow attackers to execute arbitrary commands remotely. The flaw, tracked as CVE-2025-30247, is a command injection vulnerability in the My Cloud user interface. It can be exploited through specially crafted HTTP

Crimson Collective Claims Theft of 570 GB of Data from Red Hat

Crimson Collective Claims Theft of 570 GB of Data from Red Hat

The ransomware group Crimson Collective claims to have stolen 570 GB of data from more than 28,000 internal Red Hat repositories. Company representatives have confirmed that one of its GitLab instances was compromised. According to the attackers, the stolen data includes approximately 800 Customer Engagement Reports (CERs), documents prepared