The Exploit Post

Sign in Subscribe

Latest

Trojan.Scavenger Disguised as Game Cheats and Mods Steals Crypto Wallets and Passwords

Trojan.Scavenger Disguised as Game Cheats and Mods Steals Crypto Wallets and Passwords

Dr. Web researchers have discovered a stealthy new malware family, Trojan.Scavenger, designed to steal data from cryptocurrency wallets (MetaMask, Phantom, Slush, Exodus) and password managers (Bitwarden, LastPass). The malware targets Windows users and abuses a known technique: DLL Search Order Hijacking, where malicious files are loaded in place of

Ransom Group World Leaks Hacks Dell Test Environment—But Steals Fake Data

Ransom Group World Leaks Hacks Dell Test Environment—But Steals Fake Data

The extortion group World Leaks claimed to have breached Dell’s systems and stolen 1.3 TB of sensitive information—but Dell confirmed the attackers only accessed synthetic data from a demo environment, rendering the theft meaningless. What Happened? World Leaks infiltrated Dell’s Customer Solution Centers, a sandboxed platform

F6 Helps Disrupt Infrastructure of Hack Group NyashTeam

F6 Helps Disrupt Infrastructure of Hack Group NyashTeam

Cyber threat analysts at F6 have uncovered and helped dismantle a large domain network operated by NyashTeam, a Malware-as-a-Service (MaaS) group that provides malicious tools and hosting infrastructure to cybercriminals. The group’s services have facilitated attacks in over 50 countries, including Russia, and have now been significantly disrupted following

Critical Vulnerability in NVIDIA Container Toolkit Threatens Cloud AI Services

Critical Vulnerability in NVIDIA Container Toolkit Threatens Cloud AI Services

Security researchers at Wiz have uncovered a critical flaw in the NVIDIA Container Toolkit, warning that it poses a significant threat to GPU-accelerated workloads across managed cloud AI platforms. The vulnerability—dubbed NvidiaScape and tracked as CVE-2025-23266 (CVSS score: 9.0)—was first demonstrated by the Wiz team at the

Wrapping Up: Time to Take AI Security Seriously

Wrapping Up: Time to Take AI Security Seriously

The Model Context Protocol is a game-changer — no doubt about it. It makes AI smarter, more capable, and more useful than ever. But with that power comes risk. Big risk. MCP doesn’t just connect models to tools. It connects them to everything: your data, your systems, your workflows, your

MCP Security Best Practices: What You Can Actually Do

MCP Security Best Practices: What You Can Actually Do

All these risks might sound overwhelming — and they are. But that doesn’t mean you’re defenseless. The best defense is knowing how these attacks work and setting guardrails before bad actors get creative. Here’s a field-tested list of security practices for anyone building with the Model Context Protocol:

GhostContainer Backdoor Attacks Microsoft Exchange Servers

GhostContainer Backdoor Attacks Microsoft Exchange Servers

Researchers at Kaspersky Lab have uncovered a sophisticated new malware strain named GhostContainer, which leverages open-source tools to target Microsoft Exchange servers. Believed to be part of an advanced cyber espionage campaign, the backdoor appears to focus on high-value organizations in Asia—particularly those in government and high-tech sectors. Discovery