The Exploit Post

Sign in Subscribe

Latest

Chrome Patches Actively Exploited Sandbox Escape Vulnerability

Chrome Patches Actively Exploited Sandbox Escape Vulnerability

Google has released patches for six security vulnerabilities in its Chrome browser, including a critical sandbox escape flaw that has already been exploited in the wild. The vulnerability, tracked as CVE-2025-6558 and assigned a CVSS score of 8.8, was discovered by Clément Lecigne and Vlad Stolyarov of Google’s

Konfety Malware APKs Distorted to Evade Detection

Konfety Malware APKs Distorted to Evade Detection

Security researchers have discovered a new variant of the Android malware Konfety that uses a corrupted ZIP structure and advanced obfuscation techniques to bypass static analysis and evade detection by security tools. Masquerading as Legitimate Apps Konfety disguises itself as legitimate Android applications, closely mimicking the look and feel of

Law Enforcement Shuts Down Diskstation Ransomware Group Targeting NAS Devices

Law Enforcement Shuts Down Diskstation Ransomware Group Targeting NAS Devices

Law enforcement agencies have dismantled the Diskstation ransomware group, a Romanian cybercriminal gang responsible for crippling the operations of multiple companies in Italy by encrypting their systems and demanding ransom payments. The international operation—codenamed "Operation Elicius"—was led by Europol, with support from police forces in France

Malware ‘XORIndex’ Found in 67 Malicious npm Packages Linked to North Korean Hackers

Malware ‘XORIndex’ Found in 67 Malicious npm Packages Linked to North Korean Hackers

North Korean hackers have uploaded 67 malicious packages to the npm registry, spreading a new malware loader dubbed XORIndex. According to cybersecurity firm Socket, these packages were downloaded over 17,000 times before being discovered and taken down. The operation is part of an ongoing campaign known as Contagious Interview,

British Police Arrest Four in Connection with Cyberattacks on Major Retailers

British Police Arrest Four in Connection with Cyberattacks on Major Retailers

The UK’s National Crime Agency (NCA) has arrested four individuals suspected of carrying out cyberattacks against prominent British retailers, including Marks & Spencer, Co-op, and Harrods. The suspects—two 19-year-old men, a 17-year-old minor, and a 20-year-old woman—were detained in coordinated operations across London and the West Midlands.

Interlock Ransomware Group Delivers Malware Using New 'FileFix' Technique

Interlock Ransomware Group Delivers Malware Using New 'FileFix' Technique

The ransomware group Interlock is deploying a Remote Access Trojan (RAT) via compromised websites, using a novel social engineering method known as FileFix for malware delivery. ClickFix Attacks: A Growing Threat FileFix is a variant of the broader ClickFix attack technique, which leverages social engineering to trick victims into infecting

Bug in Railroad Protocol Allows Trains to Be Stopped Using SDR

Bug in Railroad Protocol Allows Trains to Be Stopped Using SDR

In 2012, independent cybersecurity researcher Neil Smith uncovered a critical flaw in a railroad communication protocol and reported it to the U.S. government. His warnings, however, were largely ignored for over a decade. That changed last week, when the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an