The Exploit Post

Sign in Subscribe

Latest

Zero-Day Vulnerability Discovered in RasMan; Only Unofficial Patch Available

Zero-Day Vulnerability Discovered in RasMan; Only Unofficial Patch Available

A zero-day vulnerability in Windows Remote Access Connection Manager (RasMan) enables denial-of-service attacks and, when combined with another flaw, privilege escalation. Microsoft hasn't released a patch, but Acros Security published a free temporary fix through its 0patch platform. RasMan is a Windows system service that starts automatically, runs

Apple Patches Actively Exploited WebKit Bugs

Apple Patches Actively Exploited WebKit Bugs

Apple shipped emergency security patches for two zero-day vulnerabilities targeting WebKit, the browser engine that powers Safari and all iOS browsers. The company confirmed both flaws were exploited in attacks against specific individuals. The vulnerabilities—CVE-2025-43529 (unrated) and CVE-2025-14174 (CVSS 8.8)—were used together in a single incident. Apple

Unpatched Vulnerability in Gogs Leads to Compromise of 700 Servers

Unpatched Vulnerability in Gogs Leads to Compromise of 700 Servers

A zero-day vulnerability in the popular self-hosted Git repository service Gogs allows attackers to execute arbitrary code remotely, leading to the compromise of hundreds of servers worldwide. Gogs is written in Go and is positioned as an alternative to GitLab or GitHub Enterprise. Many developers and companies make their Gogs

Three New Tools Added in Kali Linux 2025.4

Three New Tools Added in Kali Linux 2025.4

Kali Linux closed 2025 with version 2025.4, the distribution's final release for the year. The update delivers three new penetration testing tools, desktop environment improvements, and expanded hardware support through Wayland integration. The release centers on three desktop environment updates. GNOME 49 brings updated themes, the Showtime

Phishing Service 'Spiderman' Targets European Banks and Crypto Services

Phishing Service 'Spiderman' Targets European Banks and Crypto Services

Researchers from Varonis have discovered a new Phishing-as-a-Service (PhaaS) platform called Spiderman, which targets users of banks and cryptocurrency services in Europe. Attackers use the service to create copies of legitimate websites to steal login credentials, two-factor authentication (2FA) codes, and bank card information. Per the researchers, the platform targets

Three PCIe Vulnerabilities Lead to Data Leaks, Privilege Escalation, or DoS Attacks

Three PCIe Vulnerabilities Lead to Data Leaks, Privilege Escalation, or DoS Attacks

Three vulnerabilities have been discovered in the PCIe IDE protocol specification. However, exploiting these issues requires physical access to the equipment, so the threat is assessed as low. The problems affect the PCIe Base Specification Revision 5.0 and later versions in the protocol mechanism introduced in the Engineering Change

Google Patches Mysterious Chrome 0-Day That Doesn't Even Have a CVE

Google Patches Mysterious Chrome 0-Day That Doesn't Even Have a CVE

Google developers have released emergency patches for the Chrome browser, fixing another zero-day vulnerability already being actively exploited by attackers. This marks the eighth such issue since the beginning of the year—but this time, virtually no details are known. The company has released fixes for Chrome on Windows (version