The Exploit Post

Sign in Subscribe

Latest

Huntress Specialists Tracked a Hacker Who Installed Their Product

Huntress Specialists Tracked a Hacker Who Installed Their Product

Last week, cybersecurity company Huntress published research stemming from an unusual event: a hacker had installed a trial version of its endpoint detection and response (EDR) tool. What began as a rare chance to monitor attacker behavior from the inside soon sparked debate, as critics questioned the level of access

HybridPetya Ransomware Can Bypass UEFI Secure Boot

HybridPetya Ransomware Can Bypass UEFI Secure Boot

ESET researchers have uncovered a new strain of ransomware, dubbed HybridPetya, capable of bypassing UEFI Secure Boot protections to install a malicious application in the EFI system partition. The malware appears to take inspiration from the destructive Petya/NotPetya campaigns of 2016–2017, which crippled systems by encrypting data with

Critical Chrome Vulnerability Earns Specialist $43,000

Critical Chrome Vulnerability Earns Specialist $43,000

Google has patched a critical use-after-free vulnerability in the Chrome browser that could have allowed remote code execution. The cybersecurity specialist who discovered the flaw received a $43,000 reward through Google’s bug bounty program. This week’s Chrome update fixed two vulnerabilities reported by external researchers. The critical

GhostAction Attack Led to the Exposure of 3,325 Secrets

GhostAction Attack Led to the Exposure of 3,325 Secrets

Another significant supply chain attack, dubbed GhostAction, has been uncovered. This campaign targeted GitHub repositories and resulted in the theft of 3,325 secrets—including PyPI, npm, DockerHub, and GitHub tokens, as well as Cloudflare and AWS API keys. How the Attack Was Discovered The breach was first identified by

Company Specializing in DDoS Protection Hit by an Attack Reaching 1.5 Billion Packets Per Second

Company Specializing in DDoS Protection Hit by an Attack Reaching 1.5 Billion Packets Per Second

A European company specializing in DDoS protection has itself become the target of an unprecedented attack, which peaked at 1.5 billion packets per second (PPS). According to FastNetMon, which assisted in mitigating the incident, the attack originated from thousands of compromised IoT devices and MikroTik routers. One of the

US Leads Global Market in Spyware Investments

US Leads Global Market in Spyware Investments

The spyware industry is in the midst of a boom, with investors increasingly drawn to this ethically fraught yet highly profitable sector, according to new research by the Atlantic Council. The majority of funding is flowing to companies in the United States and Israel, with American investment in spyware tripling

Over 600 Domains Distributing the Android Trojan DeliveryRAT Blocked

Over 600 Domains Distributing the Android Trojan DeliveryRAT Blocked

Specialists from F6 and RuStore report that they have discovered and blocked 604 domains tied to infrastructure used by hackers to spread the DeliveryRAT Trojan. The malware was disguised as popular food delivery apps, online marketplaces, banking services, and package tracking applications. Origins of DeliveryRAT In the summer of 2024,