The Exploit Post

Sign in Subscribe

News

News

Phishers Exploit LastPass Emergency Feature with Fake Death Certificates

Phishers Exploit LastPass Emergency Feature with Fake Death Certificates

LastPass has issued an urgent warning about a sophisticated phishing campaign that began mid-October 2025, in which attackers send fraudulent emergency access requests claiming the account holder has died. Security researchers attribute the campaign to CryptoChameleon (also tracked as UNC5356), a financially motivated threat group specializing in cryptocurrency theft. The

Critical DNS Cache Poisoning Flaws Patched in BIND, the Internet's Most Widely Used DNS Server

Critical DNS Cache Poisoning Flaws Patched in BIND, the Internet's Most Widely Used DNS Server

The Internet Systems Consortium (ISC) has released emergency security updates for BIND 9, addressing three serious vulnerabilities that could allow attackers to poison DNS caches and redirect users to malicious websites—or simply knock DNS servers offline. Two of the flaws enable cache poisoning attacks that undermine protections established nearly

AI Browser Vulnerability Allows Attackers to Hijack ChatGPT and Perplexity Assistants

AI Browser Vulnerability Allows Attackers to Hijack ChatGPT and Perplexity Assistants

Security researchers have discovered a critical vulnerability affecting OpenAI's ChatGPT Atlas and Perplexity's Comet browsers that allows attackers to completely hijack the built-in AI assistants and trick users into executing malicious actions. The "AI Sidebar Spoofing" attack, disclosed by SquareX researchers, exploits a fundamental

Critical VM Escape Vulnerabilities Discovered in Oracle VirtualBox for ARM-Based Macs

Critical VM Escape Vulnerabilities Discovered in Oracle VirtualBox for ARM-Based Macs

Security researchers at BI.ZONE have uncovered a dangerous vulnerability chain in Oracle VirtualBox that could allow attackers to break out of virtual machines and compromise host systems running ARM-based macOS. The two flaws—CVE-2025-62592 and CVE-2025-61760—represent the first publicly known VM escape vulnerability chain since VirtualBox added ARM

Microsoft Issues Emergency Patch for Critical WSUS Vulnerability Under Active Exploitation

Microsoft Issues Emergency Patch for Critical WSUS Vulnerability Under Active Exploitation

Microsoft has released emergency out-of-band security updates to address a critical vulnerability in Windows Server Update Service (WSUS) after security researchers detected active exploitation attempts in the wild. The flaw, tracked as CVE-2025-59287, enables remote code execution on vulnerable servers and is particularly dangerous it could potentially spread between WSUS

Massive "YouTube Ghost Network" Distributed Malware Through 3,000+ Fake Tutorial Videos

Massive "YouTube Ghost Network" Distributed Malware Through 3,000+ Fake Tutorial Videos

Four-year campaign hijacked legitimate channels to push info-stealers disguised as cracked software and game cheats, with activity tripling in 2025 Google has removed over 3,000 malicious videos from YouTube that formed part of a sophisticated malware distribution network active since 2021, security researchers revealed this week. The campaign, dubbed

"Jingle Thief" Hackers Steal Millions Through Gift Card Fraud Scheme

"Jingle Thief" Hackers Steal Millions Through Gift Card Fraud Scheme

Moroccan cybercrime group infiltrates retailers' cloud systems to mass-issue unauthorized gift cards, maintaining hidden access for over a year A sophisticated hacking operation is targeting retail and consumer service companies worldwide, exploiting cloud infrastructure vulnerabilities to generate and steal gift cards worth potentially millions of dollars. The group, dubbed