The Exploit Post

Sign in Subscribe

Latest

Chinese Hackers Exploit Unpatched Windows Vulnerability to Target European Diplomats

Chinese Hackers Exploit Unpatched Windows Vulnerability to Target European Diplomats

The China-linked hacker group UNC6384, also tracked as Mustang Panda, is conducting a widespread cyber-espionage campaign targeting European diplomatic and government organizations. Research from Arctic Wolf and StrikeReady reveals that the hackers are exploiting an unpatched Windows vulnerability related to LNK shortcuts—a flaw that has existed since at least

Ribbon Communications Discovers Nine-Month Network Breach

Ribbon Communications Discovers Nine-Month Network Breach

American telecommunications company Ribbon Communications has disclosed a security breach of its IT network. The company suspects hackers working for a foreign government conducted the intrusion. The timeline raises serious concerns: the attack began in December 2024, but Ribbon didn't discover the compromise until September 2025—nine months

WordPress Security Plugin Vulnerability Exposes User Data on 100,000+ Sites

WordPress Security Plugin Vulnerability Exposes User Data on 100,000+ Sites

A serious vulnerability has been discovered in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress. This flaw, tracked as CVE-2025-11705, allows users with minimal account privileges to read arbitrary files stored on the server. The plugin is installed on more than 100,000 websites, but only half of those

Memento Labs Chief Confirms Company's Spyware Found in Russian Cyberattack

Memento Labs Chief Confirms Company's Spyware Found in Russian Cyberattack

Paolo Lezzi, who leads the Italian surveillance company Memento Labs (formerly Hacking Team), has confirmed to media outlets that researchers from Kaspersky Lab correctly identified his company's spyware in recent attacks. The malware, called Dante, appeared in a sophisticated campaign targeting Russian organizations. Lezzi's response included

Leaked Documents Show Which Pixel Phones Cellebrite Can Access

Leaked Documents Show Which Pixel Phones Cellebrite Can Access

An insider operating under the name "rogueFed" has leaked screenshots from a confidential Cellebrite briefing intended for law enforcement agencies. These documents reveal which Google Pixel smartphone models can be compromised using the company's forensic tools. The leak also shows that GrapheneOS, a privacy-focused custom operating

Zimperium Identifies Over 760 Active NFC Malware Apps Targeting Eastern Europe

Zimperium Identifies Over 760 Active NFC Malware Apps Targeting Eastern Europe

Zimperium researchers are warning about a surge in NFC-based malware targeting Android users across Eastern Europe. In recent months, the security firm identified more than 760 malicious applications that exploit NFC technology to steal payment data from victims. This represents a sharp increase from the isolated samples discovered when these

DeliveryRAT Android Trojan Now Launches DDoS Attacks

DeliveryRAT Android Trojan Now Launches DDoS Attacks

Security researchers at F6 have analyzed an updated version of DeliveryRAT, an Android Trojan that continues to expand its capabilities. This malware disguises itself as legitimate applications—food delivery services, online marketplaces, banking apps, and package tracking tools. The latest version, which appeared in the second half of 2025, added