The Exploit Post

Sign in Subscribe

Latest

Over 40 Firefox Extensions Caught Stealing Cryptocurrency

Over 40 Firefox Extensions Caught Stealing Cryptocurrency

Security researchers have uncovered more than 40 malicious browser extensions on the official Firefox Add-ons Store, all disguised as legitimate cryptocurrency wallets. These fraudulent extensions were designed to steal users’ private keys, seed phrases, and sensitive wallet data, exposing victims to full asset compromise. Key Findings Fake Wallet Extensions The

Critical Vulnerability in WordPress Plugin Forminator Threatens 400,000+ Websites

Critical Vulnerability in WordPress Plugin Forminator Threatens 400,000+ Websites

A severe vulnerability has been discovered in the popular WordPress plugin Forminator, enabling attackers to delete arbitrary files from a site’s server—potentially resulting in a full site takeover. The flaw affects all versions up to 1.44.2 and places hundreds of thousands of websites at immediate risk.

Microsoft Defender for Office 365 to Block Email Bombing Attacks

Microsoft Defender for Office 365 to Block Email Bombing Attacks

Microsoft has announced a major security update to its cloud-based protection platform, Defender for Office 365. The new feature will automatically detect and block email bombing attacks, a growing tactic used by threat actors to overwhelm inboxes and obscure real threats. What Is Defender for Office 365? Formerly known as

Pirate IPTV Services Advertised on Eurostat’s Official Website

Pirate IPTV Services Advertised on Eurostat’s Official Website

In a bizarre and troubling incident, pirate IPTV services were promoted via Eurostat’s official website, raising questions about platform security and how easily AI systems can be misled. Eurostat, the European Union’s statistical office, is closely tied to the European Commission—making the scam especially jarring. A Sophisticated

Vercel’s AI Tool “v0” Massively Abused to Create Fraudulent Pages

Vercel’s AI Tool “v0” Massively Abused to Create Fraudulent Pages

Researchers at Okta have uncovered a disturbing new trend: unknown threat actors are abusing Vercel’s generative AI tool, v0, to create fraudulent webpages that mimic legitimate login portals—part of a broader campaign to scale phishing attacks using generative AI. What Is v0 and How It’s Being Misused

US Authorities Impose Sanctions on Aeza Group Hosting and Its Operators

US Authorities Impose Sanctions on Aeza Group Hosting and Its Operators

The U.S. Department of the Treasury has imposed sanctions on Aeza Group, a Russian-based “bulletproof” hosting provider, along with four of its top operators. According to U.S. officials, Aeza’s infrastructure was actively used by ransomware gangs, information-stealing malware operators, and darknet marketplaces. Allegations and Sanctions The sanctions

Crypto Investment Scammers Launder Over $540 Million, Spanish Authorities Arrest Five

Crypto Investment Scammers Launder Over $540 Million, Spanish Authorities Arrest Five

Spanish police have arrested five suspects accused of laundering more than $540 million through fraudulent cryptocurrency investment schemes that defrauded over 5,000 victims worldwide. The case, supported by Europol and law enforcement agencies in Estonia, France, and the United States, highlights the growing scale and sophistication of crypto-enabled financial