The Exploit Post

Sign in Subscribe

Latest

SAP NetWeaver Vulnerability Exploited to Deploy Linux Malware Auto-Color

SAP NetWeaver Vulnerability Exploited to Deploy Linux Malware Auto-Color

Darktrace researchers have uncovered a targeted cyberattack in which threat actors exploited a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy the Linux malware Auto-Color into the network of an unnamed U.S.-based chemical company. The breach was detected in April 2025. Subsequent analysis revealed that Auto-Color has undergone significant

Hackers Embedded a Raspberry Pi into a Bank’s Network in Attempted Robbery

Hackers Embedded a Raspberry Pi into a Bank’s Network in Attempted Robbery

A hacker group known as UNC2891—also tracked as LightBasin—attempted to rob a bank using a 4G-enabled Raspberry Pi cleverly hidden inside a branch. According to a report from Group-IB, the attackers connected the single-board computer to the same network switch as an ATM. This gave them a direct

French Telecom Giant Orange Reports Cybersecurity Breach

French Telecom Giant Orange Reports Cybersecurity Breach

Orange, one of the world’s largest telecommunications providers, has confirmed a cybersecurity breach involving one of its internal systems. The company says the threat has been contained, though the incident caused temporary service disruptions in France. Key Details * Discovery Date: July 25, 2025 * Response: Breached system was isolated by

PyPI Warns Developers About Ongoing Phishing Attacks

PyPI Warns Developers About Ongoing Phishing Attacks

The maintainers of the Python Package Index (PyPI) have issued a warning about a widespread phishing campaign targeting Python developers. Attackers are impersonating PyPI in an effort to steal login credentials by redirecting users to malicious lookalike websites. How the Attack Works Developers are receiving phishing emails with the subject

Tea App Exposes Users' Private Data and Messages in Major Leaks

Tea App Exposes Users' Private Data and Messages in Major Leaks

The women-focused platform Tea has suffered two serious data breaches—first, an unsecured Firebase database containing users’ personal data was posted to 4chan, followed days later by a second leak exposing over 1.1 million private messages exchanged on the app. What Is Tea? Tea bills itself as a private,

Popular npm Packages Hacked to Spread Malware

Popular npm Packages Hacked to Spread Malware

In recent weeks, several open-source developers have fallen victim to phishing attacks, leading to malware being injected into widely used npm packages—some of which receive over 30 million downloads per week. Toptal Incident: Internal Tools Turned Attack Vectors On July 20, 2025, cybersecurity firm Socket reported the compromise of

Malware Found in Official Endgame Gear Mouse Software

Malware Found in Official Endgame Gear Mouse Software

Gaming hardware manufacturer Endgame Gear has confirmed that malware was embedded in the official configuration tool for its OP1w 4k v2 mouse, which was hosted on the company’s website between June 26 and July 9, 2025. Discovery and Initial Reports The first signs of trouble emerged on Reddit, where