The Exploit Post

Sign in Subscribe

Latest

HTTP/2 Vulnerability "MadeYouReset" Can Be Used for Large-Scale DDoS Attacks

HTTP/2 Vulnerability "MadeYouReset" Can Be Used for Large-Scale DDoS Attacks

A newly disclosed vulnerability in several HTTP/2 implementations, dubbed MadeYouReset, can be exploited to launch powerful distributed denial-of-service (DDoS) attacks. Scope of the Vulnerability Researchers from Imperva, Deepness Lab, and Tel Aviv University confirmed that the flaw has been assigned the primary identifier CVE-2025-8671. However, the issue is broad

Media Reports: U.S. Secretly Embedding Trackers in Shipments of Nvidia and AMD AI Chips

Media Reports: U.S. Secretly Embedding Trackers in Shipments of Nvidia and AMD AI Chips

U.S. authorities are reportedly embedding covert tracking devices in shipments of advanced AI chips to detect and prevent their illegal diversion to China. According to Reuters, which cited anonymous sources, the tactic targets select hardware shipments from companies including Dell, Supermicro, Nvidia, and AMD. The trackers are designed to

Turkish Crypto Exchange BtcTurk Halts Operations Following Suspected $49 Million Theft

Turkish Crypto Exchange BtcTurk Halts Operations Following Suspected $49 Million Theft

BtcTurk, one of Turkey’s largest cryptocurrency platforms, has temporarily suspended deposits and withdrawals after detecting suspicious outflows totaling an estimated $49 million. Founded in 2013 in Istanbul, BtcTurk is widely recognized as Turkey’s first crypto trading platform and gained national prominence in 2020 as a major sponsor of

F6 Experts Investigate Kinsing Group’s Attacks on Russian Companies

F6 Experts Investigate Kinsing Group’s Attacks on Russian Companies

In Q2 2025, researchers identified a wave of cyberattacks targeting Russian companies in the finance, logistics, and telecom sectors. The activity was linked to the Kinsing hacking group—also known as H2Miner and Resourceful Wolf—whose primary objective was to infect victim systems with Kinsing malware and deploy XMRig for

Gemini Could Leak User Data Through Google Calendar

Gemini Could Leak User Data Through Google Calendar

Google has patched a vulnerability that allowed malicious Google Calendar invitations to remotely control Gemini agents running on a victim’s device and exfiltrate sensitive data. Gemini is Google’s large language model (LLM), integrated into Android, Google web services, and Google Workspace applications, with direct access to Gmail, Calendar,

Lenovo Webcams Could Be Weaponized in BadUSB-Style Attacks

Lenovo Webcams Could Be Weaponized in BadUSB-Style Attacks

Security researchers at Eclypsium have demonstrated a novel attack dubbed “BadCam” at DEF CON 33, revealing vulnerabilities in certain Lenovo webcam models that can be remotely repurposed as BadUSB attack tools. Key Details of the BadCam Attack (CVE-2025-4371) * First real-world demonstration of remotely hijacking Linux-based USB peripherals for malicious purposes.

Dozens of Docker Hub Images Still Infected with xz Utils Backdoor

Dozens of Docker Hub Images Still Infected with xz Utils Backdoor

Security analysts at Binarly have identified at least 35 Docker Hub images still infected with the backdoor that compromised xz Utils last year. Researchers warn this poses a serious supply chain risk to users, organizations, and their data. Supply Chain Risk in CI/CD Pipelines Many CI/CD pipelines, developers,