The Exploit Post

Sign in Subscribe

Latest

Operation Endgame: Law Enforcement Takes Down Over 1,000 Servers for Rhadamanthys, VenomRAT, and Elysium

Operation Endgame: Law Enforcement Takes Down Over 1,000 Servers for Rhadamanthys, VenomRAT, and Elysium

Law enforcement agencies from nine countries have dismantled over 1,000 servers used by the Rhadamanthys info-stealer, VenomRAT trojan, and Elysium botnet. This represents the latest phase of Operation Endgame, an international campaign against cybercrime coordinated by Europol and Eurojust. International Cooperation The operation brought together agencies from Australia, Canada,

Android-Based Digital Photo Frames Load Malware During Startup

Android-Based Digital Photo Frames Load Malware During Startup

Security researchers have discovered that Uhale digital photo frames running Android contain multiple critical vulnerabilities. Even more concerning, some models automatically download and execute malware during the boot process. Discovery and Disclosure Attempt Researchers from Quokka, a mobile security firm, analyzed the Uhale application and identified activity linked to two

Hackers Used Citrix and Cisco ISE Zero-Day Vulnerabilities in Their Attacks

Hackers Used Citrix and Cisco ISE Zero-Day Vulnerabilities in Their Attacks

Amazon's threat intelligence team has uncovered attacks exploiting two critical zero-day vulnerabilities: CVE-2025-5777 (dubbed "Citrix Bleed 2") in NetScaler ADC/Gateway and CVE-2025-20337 in Cisco Identity Services Engine (ISE). The findings reveal that attackers were exploiting these flaws weeks before the vendors disclosed them or released

Microsoft Patches Zero-Day Vulnerability in Windows Kernel

Microsoft Patches Zero-Day Vulnerability in Windows Kernel

This week, Microsoft released its November security updates, addressing 63 vulnerabilities across its product line. The most serious among them is CVE-2025-62215, a zero-day flaw in the Windows kernel that attackers are actively exploiting in the wild. Patch Tuesday Overview Four vulnerabilities received Critical severity ratings, while 59 were classified

Malware in npm Registry Turns Out to Be GitHub's Own Red Team Exercise

Malware in npm Registry Turns Out to Be GitHub's Own Red Team Exercise

Researchers from Veracode discovered a malicious npm package named acitons/artifact that masqueraded as the legitimate actions/artifact package and targeted GitHub's own repositories. However, the "attack" turned out to be an internal Red Team exercise conducted by GitHub itself—one that inadvertently exposed the public

Google Sues Developers of Lighthouse Phishing Kit

Google Sues Developers of Lighthouse Phishing Kit

Google has filed a lawsuit against the operators of Lighthouse, a phishing-as-a-service (PhaaS) platform that cybercriminals worldwide use to steal bank card data. The attackers primarily operate through SMS messages, impersonating the United States Postal Service (USPS) and the E-ZPass toll payment system. Scale of the Operation According to Google&

Rhadamanthys Stealer Disrupted: Evidence Points to Law Enforcement Operation

Rhadamanthys Stealer Disrupted: Evidence Points to Law Enforcement Operation

Cybersecurity specialists report that dozens of customers using the Rhadamanthys info-stealer are complaining about sudden loss of access to their malware servers. The disruption appears consistent with a law enforcement takedown operation. What is Rhadamanthys? Rhadamanthys is a popular info-stealer among criminals, operating on a Malware-as-a-Service (MaaS) business model. The