The Exploit Post

Sign in Subscribe

Latest

Cisco Patches Two Critical RCE Vulnerabilities in ISE and ISE-PIC

Cisco Patches Two Critical RCE Vulnerabilities in ISE and ISE-PIC

Cisco has issued an urgent advisory regarding two critical unauthenticated remote code execution (RCE) vulnerabilities impacting its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC) products. The flaws—CVE-2025-20281 and CVE-2025-20282—have each been assigned a CVSS severity score of 10.0, the highest possible rating. The first vulnerability

CitrixBleed 2 Vulnerability Already Being Exploited in Attacks

CitrixBleed 2 Vulnerability Already Being Exploited in Attacks

CitrixBleed 2 Vulnerability Already Being Exploited in Attacks Security experts at ReliaQuest have confirmed that CitrixBleed 2 (CVE-2025-5777)—a critical vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway—is already being exploited in the wild. Researchers report a sharp increase in suspicious activity targeting Citrix devices. The newly identified vulnerability,

Vulnerabilities Found in Airoha Bluetooth Chipsets Used in Dozens of Audio Devices

Vulnerabilities Found in Airoha Bluetooth Chipsets Used in Dozens of Audio Devices

Security researchers have uncovered multiple vulnerabilities in Airoha Bluetooth chipsets, widely used in audio devices from brands like Sony, Bose, Jabra, JBL, and more. These flaws open the door to eavesdropping, unauthorized commands, and potential data theft. Researchers at ERNW identified three key vulnerabilities in Airoha’s system-on-chip (SoC) modules,

WinRAR Vulnerability Allowed Malware Execution During Archive Extraction

WinRAR Vulnerability Allowed Malware Execution During Archive Extraction

A critical path traversal vulnerability (CVE-2025-6218) in WinRAR has been patched after researchers discovered it could allow malware to execute automatically when extracting archives. The flaw received a CVSS score of 7.8 and was reported by security researcher whs3-detonator through Zero Day Initiative in early June 2025. Affected Versions

War Thunder Forums Leak Confidential Documents Yet Again

War Thunder Forums Leak Confidential Documents Yet Again

Another War Thunder player has been banned from the game’s official forums after posting a page from the AV-8B Harrier’s flight manual—marking at least the ninth known incident where users have leaked classified or restricted materials in an attempt to win arguments. This time, a user named

Akamai Experts Detail Two New Methods to Disrupt Cryptojacking Botnets

Akamai Experts Detail Two New Methods to Disrupt Cryptojacking Botnets

Researchers at Akamai have outlined two novel techniques that can be used to disable cryptocurrency-mining botnets. The methods exploit design flaws in common mining algorithms to halt cryptojacking operations. "We developed two techniques that abuse mining technologies and pool policies, allowing us to degrade the efficiency of mining botnets—

Hardware Wallet Manufacturer Trezor Warns Users About Phishing Attacks

Hardware Wallet Manufacturer Trezor Warns Users About Phishing Attacks

The maker of Trezor hardware crypto wallets is warning users about phishing attacks. Hackers exploited the company’s automated support system to send out malicious messages. The issue stems from the fact that anyone could open a support ticket on the company’s website by simply entering an arbitrary email