The Exploit Post

Sign in Subscribe

Latest

Critical Vulnerability in sudo Under Active Exploitation

Critical Vulnerability in sudo Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning that hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo utility, which allows commands to be executed with root-level privileges on Linux systems. The flaw was first identified by researchers at Stratascale in the summer

F-Droid Developers Criticize Google’s Restrictions on Sideloading Apps in Android

F-Droid Developers Criticize Google’s Restrictions on Sideloading Apps in Android

Google has announced that starting in 2026, only apps from verified developers will be installable on certified Android devices. While the company says the move will combat malware and financial fraud, developers behind the F-Droid project warn that the change threatens the very existence of alternative app stores. What F-Droid

UK Government to Allocate £1.5 Billion to Jaguar Land Rover After Cyberattack

UK Government to Allocate £1.5 Billion to Jaguar Land Rover After Cyberattack

The UK government will provide Jaguar Land Rover (JLR) with a state-backed loan guarantee worth £1.5 billion (USD $2 billion) to help the automaker restore its supply chain following a large-scale cyberattack that forced production to a halt. How the Support Works The loan will be issued by commercial

Hackers Asked a BBC Journalist to Help Them Hack the Company

Hackers Asked a BBC Journalist to Help Them Hack the Company

Operators of the Medusa ransomware group attempted to recruit a BBC journalist as an insider, offering him a large payout in exchange for helping launch a cyberattack against the broadcaster. The Approach Joe Tidy, a BBC cybersecurity correspondent, reported that the hackers wanted to use his laptop to infiltrate the

Akira Ransomware Campaign Against SonicWall Devices Bypasses MFA Protections

Akira Ransomware Campaign Against SonicWall Devices Bypasses MFA Protections

Experts from Arctic Wolf warn that the Akira ransomware group continues to refine its attacks on SonicWall SSL VPN devices. Alarmingly, hackers are successfully logging into accounts even when multi-factor authentication (MFA) with one-time passwords (OTP) is enabled. Researchers suspect that previously stolen OTP seed keys may be in use,

Fresh 0-day in GoAnywhere MFT (CVE-2025-10035) Is Being Actively Exploited

Fresh 0-day in GoAnywhere MFT (CVE-2025-10035) Is Being Actively Exploited

Security researchers warn that attackers are actively exploiting a critical vulnerability, CVE-2025-10035, in Fortra’s GoAnywhere MFT. The flaw, disclosed in mid-September 2025, permits remote command execution without authentication and is already being used in real attacks. What GoAnywhere MFT does — and why this matters GoAnywhere MFT is a managed

New XCSSET Malware Variant Targets macOS Xcode Developers

New XCSSET Malware Variant Targets macOS Xcode Developers

Microsoft Threat Intelligence specialists have identified a new variant of the XCSSET malware for macOS. This version introduces features for monitoring the system clipboard to intercept cryptocurrency transactions and employs new persistence methods to maintain a foothold on infected devices. Background on XCSSET XCSSET is modular malware designed for macOS