The Exploit Post

Sign in Subscribe

Latest

Critical Vulnerability in NVIDIA Container Toolkit Threatens Cloud AI Services

Critical Vulnerability in NVIDIA Container Toolkit Threatens Cloud AI Services

Security researchers at Wiz have uncovered a critical flaw in the NVIDIA Container Toolkit, warning that it poses a significant threat to GPU-accelerated workloads across managed cloud AI platforms. The vulnerability—dubbed NvidiaScape and tracked as CVE-2025-23266 (CVSS score: 9.0)—was first demonstrated by the Wiz team at the

Wrapping Up: Time to Take AI Security Seriously

Wrapping Up: Time to Take AI Security Seriously

The Model Context Protocol is a game-changer — no doubt about it. It makes AI smarter, more capable, and more useful than ever. But with that power comes risk. Big risk. MCP doesn’t just connect models to tools. It connects them to everything: your data, your systems, your workflows, your

MCP Security Best Practices: What You Can Actually Do

MCP Security Best Practices: What You Can Actually Do

All these risks might sound overwhelming — and they are. But that doesn’t mean you’re defenseless. The best defense is knowing how these attacks work and setting guardrails before bad actors get creative. Here’s a field-tested list of security practices for anyone building with the Model Context Protocol:

GhostContainer Backdoor Attacks Microsoft Exchange Servers

GhostContainer Backdoor Attacks Microsoft Exchange Servers

Researchers at Kaspersky Lab have uncovered a sophisticated new malware strain named GhostContainer, which leverages open-source tools to target Microsoft Exchange servers. Believed to be part of an advanced cyber espionage campaign, the backdoor appears to focus on high-value organizations in Asia—particularly those in government and high-tech sectors. Discovery

Proxy Trickster Group Attacks Nearly 900 Servers Across 58 Countries

Proxy Trickster Group Attacks Nearly 900 Servers Across 58 Countries

Security experts at Solar 4RAYS, a division of the Solar Group, have identified a previously unknown hacker collective named Proxy Trickster. This group has been quietly compromising servers across the globe—targeting 874 systems in 58 countries over the span of a year, including several in Russia. Discovery and Attack

Other Risks and Attack Vectors in the MCP Ecosystem

Other Risks and Attack Vectors in the MCP Ecosystem

As powerful as the Model Context Protocol (MCP) is, it also opens up a long list of new ways for attackers to mess with your AI systems. Think of each tool your model can call — each plugin, each API, each server — as a potential door into your system. Some of

Scammers Find a Way to Bypass FIDO Multi-Factor Authentication

Scammers Find a Way to Bypass FIDO Multi-Factor Authentication

The operators behind the PoisonSeed phishing campaign have uncovered a way to bypass FIDO2 authentication—specifically, FIDO2 with WebAuthn—by abusing the cross-device authentication feature built into the protocol. Rather than exploiting a technical vulnerability, attackers trick victims into voluntarily approving malicious login attempts originating from spoofed corporate portals. What