The Exploit Post

Sign in Subscribe

Latest

Hackers Exploit Post SMTP Plugin to Hijack WordPress Administrator Accounts

Hackers Exploit Post SMTP Plugin to Hijack WordPress Administrator Accounts

Attackers are actively exploiting a critical vulnerability in Post SMTP, a WordPress plugin installed on over 400,000 websites. The flaw allows hackers to seize administrator accounts and take complete control of vulnerable sites. Post SMTP ranks among the most popular plugins for handling email on WordPress sites. Developers market

Akira Ransomware Gang's Apache OpenOffice Claims Don't Add Up

Akira Ransomware Gang's Apache OpenOffice Claims Don't Add Up

The Akira ransomware group posted a bold claim on October 30, 2025: they'd breached Apache OpenOffice and stolen 23 GB of sensitive data. According to their darknet announcement, the haul includes employee personal information—home addresses, phone numbers, birth dates, driver's license copies, social security numbers,

Operation SkyCloak: Advanced Espionage Campaign Targets Russian and Belarusian Defense Sectors

Operation SkyCloak: Advanced Espionage Campaign Targets Russian and Belarusian Defense Sectors

Cybersecurity researchers at Cyble and Seqrite Labs have uncovered a sophisticated espionage campaign targeting defense and government organizations in Russia and Belarus. The operation, designated Operation SkyCloak, deploys a custom backdoor that combines OpenSSH, Tor hidden services, and obfs4 traffic obfuscation to maintain persistent, anonymous access to compromised systems. Attack

Hackers Target Transportation Companies for Physical Cargo Theft

Hackers Target Transportation Companies for Physical Cargo Theft

Security researchers at Proofpoint have uncovered a large-scale campaign where cybercriminals breach transportation companies and logistics operators to steal physical cargo. These attacks are causing multi-million dollar losses and significant supply chain disruptions across multiple countries. Attack Methodology The campaign begins with compromised accounts on freight load boards—specialized online

Amazon Launches Device-Level Blocking System for Pirated Fire TV Applications

Amazon Launches Device-Level Blocking System for Pirated Fire TV Applications

Amazon has announced plans to block unauthorized applications directly on Fire TV Stick devices, marking a significant shift in the company's anti-piracy strategy. The new measures target modified Fire Sticks used for accessing pirated movies, television series, and sports broadcasts without payment. Background: The Sideloading Practice For years,

Windows 11 Update Breaks Task Manager: Processes Refuse to Close Properly

Windows 11 Update Breaks Task Manager: Processes Refuse to Close Properly

Microsoft's optional October update KB5067036 has introduced a significant bug in Windows 11: Task Manager fails to close properly after use. The result? Multiple background instances of taskmgr.exe accumulate in memory, consuming resources and slowing down your system. The Problem After installing update KB5067036 (released October 28,

SesameOp Backdoor: How Attackers Weaponized OpenAI's Assistants API for Covert Operations

SesameOp Backdoor: How Attackers Weaponized OpenAI's Assistants API for Covert Operations

Microsoft's Detection and Response Team (DART) has identified a new backdoor malware called SesameOp, which represents a shift in how attackers hide their command-and-control (C2) communications. Instead of building their own infrastructure that security teams can easily spot and block, the operators behind SesameOp are using OpenAI'