The Exploit Post

Sign in Subscribe

Latest

Millions of Cars Exposed to Bluetooth Attacks via PerfektBlue Vulnerabilities

Millions of Cars Exposed to Bluetooth Attacks via PerfektBlue Vulnerabilities

Critical flaws in OpenSynergy’s BlueSDK put Mercedes-Benz, Volkswagen, Skoda, and others at risk. Four newly disclosed vulnerabilities in the BlueSDK Bluetooth stack—developed by OpenSynergy—have exposed millions of vehicles to potential remote attacks. Collectively named PerfektBlue, these flaws enable remote code execution (RCE) and could grant attackers access

TapTrap Attack Exploits UI Animations to Bypass Android’s Permission System

TapTrap Attack Exploits UI Animations to Bypass Android’s Permission System

Security researchers have uncovered a new technique—dubbed TapTrap—that exploits Android’s user interface (UI) animations to bypass the platform’s permission system. The attack allows malicious apps to steal sensitive data or trick users into performing dangerous actions, including factory-resetting their devices. What Is TapTrap? TapTrap is a

Another Method Found to Extract Windows Keys from ChatGPT

Another Method Found to Extract Windows Keys from ChatGPT

Cybersecurity researcher Marco Figueroa has revealed a new technique for extracting Windows product keys from ChatGPT—this time by tricking the AI into playing a seemingly harmless guessing game. Figueroa is a leading expert in Mozilla’s 0Din (Zero-Day Investigative Network), a bug bounty program launched in mid-2024 to reward

Google Enhances Chrome Security for Android with Advanced Protection

Google Enhances Chrome Security for Android with Advanced Protection

Google has outlined how its Advanced Protection program now integrates with Chrome for Android, highlighting significant security upgrades aimed at protecting high-risk users from sophisticated threats. Earlier this year, with the release of Android 16, Google expanded Advanced Protection to the device level, offering system-wide safeguards for individuals who are

Insider Received $920 for Role in $140 Million Heist on Brazilian Banks

Insider Received $920 for Role in $140 Million Heist on Brazilian Banks

Hackers stole approximately $140 million from six Brazilian banks after bribing an insider at C&M, an IT firm that develops systems connecting financial institutions with Brazil’s Central Bank. The breach occurred on June 30, 2025, when attackers exploited the login credentials of João Nazareno Roque, a C&

Bitcoin Depot Confirms Data Breach Affecting 27,000 Customers

Bitcoin Depot Confirms Data Breach Affecting 27,000 Customers

Bitcoin Depot, the largest Bitcoin ATM operator in North America, has confirmed a data breach that exposed sensitive personal information belonging to approximately 27,000 individuals. The breach, which occurred in June 2024, remained undisclosed until now due to an active federal investigation. Delayed Disclosure Tied to Law Enforcement Request

Microsoft Patched 137 Vulnerabilities in July: One SQL Server Zero-Day Disclosed

Microsoft Patched 137 Vulnerabilities in July: One SQL Server Zero-Day Disclosed

As part of July's Patch Tuesday rollout, Microsoft addressed 137 security vulnerabilities across its product suite. While none of the flaws were known to be actively exploited in the wild, one zero-day vulnerability in Microsoft SQL Server (CVE-2025-49719) had been publicly disclosed prior to the patch, raising concerns