The Exploit Post

Sign in Subscribe

Latest

Popular Password Managers Vulnerable to Clickjacking

Popular Password Managers Vulnerable to Clickjacking

A new study has revealed that six of the most widely used password managers—together serving tens of millions of users—are vulnerable to clickjacking, a technique that could allow attackers to steal credentials, two-factor authentication (2FA) codes, and payment card data. Independent security researcher Marek Tóth disclosed the findings

Researchers Discover PromptLock — The First AI-Powered Ransomware

Researchers Discover PromptLock — The First AI-Powered Ransomware

Security specialists at ESET have uncovered an unusual piece of malware named PromptLock, described as the first known ransomware to leverage artificial intelligence. According to the researchers, PromptLock is not yet fully functional and appears to be in the development stage. Nonetheless, variants targeting both Windows and Linux have already

DDoS Attack on Arch Linux Disrupts Project’s Website, Repository, and Forums

DDoS Attack on Arch Linux Disrupts Project’s Website, Repository, and Forums

The Arch Linux team reports that it has been battling a sustained DDoS attack for more than a week, severely disrupting access to several of the project’s key resources. The attack, which began on August 16, has intermittently affected the Arch User Repository (AUR), the official website, the Wiki,

Researchers Hid Malicious AI Prompts in Tiny Images

Researchers Hid Malicious AI Prompts in Tiny Images

Security researchers at Trail of Bits have demonstrated a new type of attack that embeds malicious prompts into images, invisible to the human eye but capable of stealing user data when processed by AI systems. How the Attack Works The technique relies on high-resolution images with hidden prompts that only

Android to Ban Installation of Apps from Unverified Developers

Android to Ban Installation of Apps from Unverified Developers

Google has announced a major policy shift: beginning in 2026, only applications from verified developers will be installable on certified Android devices. The move is aimed at curbing malware distribution and financial fraud, and it will apply to apps installed from third-party sources as well as through sideloading. Scope of

Critical Vulnerability in Docker Desktop Allowed Host Compromise

Critical Vulnerability in Docker Desktop Allowed Host Compromise

A critical vulnerability in Docker Desktop for Windows and macOS made it possible to compromise the host system by running a malicious container—even when Enhanced Container Isolation (ECI) protection was enabled. The flaw, tracked as CVE-2025-9074 with a CVSS score of 9.3, is classified as a server-side request

Malware Downloaded Over 19 Million Times Removed from Google Play Store

Malware Downloaded Over 19 Million Times Removed from Google Play Store

Security researchers have uncovered a massive malware campaign on the Google Play Store, where 77 malicious Android applications—collectively downloaded more than 19 million times—were distributing multiple malware families. According to specialists at Zscaler, the surge included adware apps as well as more dangerous threats such as Joker, Harly,