The Exploit Post

Sign in Subscribe

Latest

Google Gemini Can Redirect Users to Phishing Sites

Google Gemini Can Redirect Users to Phishing Sites

Google Gemini for Workspace can be tricked into generating legitimate-looking email summaries that include malicious instructions, effectively redirecting users to phishing websites. This attack leverages hidden prompt injections embedded in emails—commands that Gemini unknowingly follows when summarizing messages. How the Attack Works Marco Figueroa, cybersecurity expert and manager of

GPUHammer: Rowhammer Attack Adapted for Nvidia GPUs

GPUHammer: Rowhammer Attack Adapted for Nvidia GPUs

Nvidia is urging users to enable System-Level Error-Correcting Code (ECC) after researchers demonstrated that GDDR6 memory in its GPUs is vulnerable to a variant of the infamous Rowhammer attack. “The risk of a successful Rowhammer exploit depends on the DRAM model, platform, architectural specifics, and system settings,” the company stated.

WordPress Plugin Gravity Forms Hacked – Backdoor Found in Official Installers

WordPress Plugin Gravity Forms Hacked – Backdoor Found in Official Installers

The popular WordPress plugin Gravity Forms has become the latest victim of a supply chain attack, with official installers from its website found to be infected with a dangerous backdoor. Gravity Forms is a premium plugin used to build contact forms, payment forms, and a wide range of other user-input

McDonald’s Recruiting AI Bot Exposed Millions of Applicants’ Data Due to Password “123456”

McDonald’s Recruiting AI Bot Exposed Millions of Applicants’ Data Due to Password “123456”

Renowned cybersecurity experts Sam Curry and Ian Carroll have uncovered a massive data exposure involving Olivia, the AI-powered chatbot McDonald’s uses to screen job applicants. The researchers found that a database tied to the bot contained over 64 million records, all exposed due to the use of the password

Extensions Turn Nearly a Million Browsers into Scraping Bots

Extensions Turn Nearly a Million Browsers into Scraping Bots

Chrome, Firefox, and Edge extensions—installed nearly a million times—are quietly turning users' browsers into commercial scraping tools, bypassing security measures and violating user trust. According to analysts at SecurityAnnex, a total of 245 malicious extensions have amassed approximately 909,000 downloads. While marketed for innocuous functions—such

Critical Vulnerability Patched in FreeIPA Domain Controller for Linux Systems

Critical Vulnerability Patched in FreeIPA Domain Controller for Linux Systems

Red Hat has issued a patch for a critical vulnerability in FreeIPA, a widely used domain controller for Linux systems. The flaw—CVE-2025-4404, rated CVSS 9.4—was discovered by Mikhail Sukhov, a researcher at Positive Technologies. FreeIPA is commonly deployed to manage user identities, authentication policies, and audit logging

Beyond Log4Shell: Two Overlooked Log4j Vulnerabilities That Still Linger

Beyond Log4Shell: Two Overlooked Log4j Vulnerabilities That Still Linger

While the infamous Log4Shell (CVE-2021-44228) and its related flaws dominated headlines in December 2021, two other critical vulnerabilities—Denial-of-Service (DoS) and data leakage—remained largely overlooked. Officially acknowledged only in September 2022, these issues were quietly absorbed into the original set of CVEs, leaving them unpatched and underreported as distinct