The Exploit Post

Sign in Subscribe

News

News

Pixnapping Attack Allows Recovery of 2FA Codes on Android, Pixel by Pixel

Pixnapping Attack Allows Recovery of 2FA Codes on Android, Pixel by Pixel

A newly discovered side-channel attack called Pixnapping allows a malicious Android application to extract confidential data without requiring any special permissions, by stealing individual pixels displayed by other applications or websites. The attack enables the reconstruction of sensitive information such as messages from secure messengers, emails, and two-factor authentication (2FA)

200,000 Framework Laptops Vulnerable to Secure Boot Bypass

200,000 Framework Laptops Vulnerable to Secure Boot Bypass

Approximately 200,000 Linux-based systems from American manufacturer Framework were shipped with signed UEFI shell components that can be exploited to bypass Secure Boot protections. Attackers could leverage this flaw to install bootkits capable of evading operating system–level defenses and persisting even after a full system reinstall. Discovery and

Phishers Are Using the npm Infrastructure to Target Industrial and Technology Companies

Phishers Are Using the npm Infrastructure to Target Industrial and Technology Companies

Threat actors are exploiting the legitimate npm infrastructure in a new phishing campaign dubbed Beamglea. Unlike typical npm-based attacks, these malicious packages do not execute harmful code locally. Instead, they abuse the legitimate unpkg[.]com CDN service to host and display phishing pages to victims. In late September, security researchers

ChaosBot Uses Discord Channels to Control Infected Computers

ChaosBot Uses Discord Channels to Control Infected Computers

Cybersecurity specialists at eSentire have discovered a new backdoor called ChaosBot, written in Rust, that allows attackers to conduct reconnaissance and execute arbitrary commands on compromised systems. The malware is notable for using Discord as its command-and-control (C2) channel. Researchers first detected ChaosBot in late September 2025 during an incident

Large Botnet Targets RDP Services Across the U.S.

Large Botnet Targets RDP Services Across the U.S.

GreyNoise analysts have identified a large-scale botnet attacking Remote Desktop Protocol (RDP) services across the United States, leveraging more than 100,000 IP addresses. According to the firm, the campaign began on October 8, 2025 and continues to expand globally. Global Footprint The campaign was first detected following an unusual

Microsoft Disables IE Mode in Edge After Hackers Abused It for Attacks

Microsoft Disables IE Mode in Edge After Hackers Abused It for Attacks

Microsoft has overhauled the Internet Explorer (IE) mode in the Edge browser after receiving “credible reports” in August 2025 that threat actors were exploiting the feature to gain unauthorized access to user devices. According to the Microsoft Browser Vulnerability Research team, attackers combined basic social engineering with unpatched zero-day vulnerabilities

Malware Was Distributed Through the Official Unity Website

Malware Was Distributed Through the Official Unity Website

Unity Technologies, the video-game software company, has disclosed a data breach involving malicious code on the website of its SpeedTree toolkit, which stole confidential information from hundreds of customers. According to a notice filed with the Maine Attorney General’s Office, malicious code was active on the SpeedTree website’s