The Exploit Post

Sign in Subscribe

News

News

Microsoft Warns of Hack Group Stealing University Employee Payrolls

Microsoft Warns of Hack Group Stealing University Employee Payrolls

Microsoft has warned that the cybercrime group Storm-2657 has been targeting universities across the United States since March 2025, hijacking employee accounts and redirecting payroll funds to attacker-controlled bank accounts. “Storm-2657 is actively attacking U.S. organizations—particularly employees in the higher education sector—to gain access to third-party HR

FBI Seizes Another BreachForums Domain; Hackers Admit the “Era of Forums Is Over”

FBI Seizes Another BreachForums Domain; Hackers Admit the “Era of Forums Is Over”

The FBI has seized another version of the notorious hacker forum BreachForums, taking control of the domain BreachForums[.]hn a site used to leak data from at least 39 organizations affected by the recent Salesforce-related breaches. According to threat actors behind the forum, law enforcement not only took the site

Forensics Tool Velociraptor Used to Deploy LockBit and Babuk Ransomware

Forensics Tool Velociraptor Used to Deploy LockBit and Babuk Ransomware

Cisco Talos researchers have warned that Velociraptor, a legitimate digital forensics and incident response (DFIR) tool, is being repurposed by LockBit and Babuk ransomware operators to deploy malware and maintain persistence in compromised networks. Velociraptor is an open-source DFIR utility originally developed by security researcher Mike Cohen and later acquired

Anthropic Finds That Just 250 Malicious Documents Can Poison a Large Language Model

Anthropic Finds That Just 250 Malicious Documents Can Poison a Large Language Model

Researchers at Anthropic, working with the UK government’s AI Safety Institute, the Alan Turing Institute, and several academic partners, have demonstrated that as few as 250 maliciously crafted documents are enough to poison a large language model (LLM) — causing it to produce incoherent text whenever it encounters a specific

SonicWall Confirms Breach Exposed Firewall Configurations from All Cloud Backup Users

SonicWall Confirms Breach Exposed Firewall Configurations from All Cloud Backup Users

SonicWall has confirmed that the data breach reported last month compromised firewall configuration backups for all customers who used its cloud backup service, overturning earlier statements that suggested only a limited subset of users were affected. The exposed data comes from MySonicWall, the company’s customer portal used for product

The RondoDox Botnet Exploits 56 Vulnerabilities Across Dozens of Devices

The RondoDox Botnet Exploits 56 Vulnerabilities Across Dozens of Devices

Security researchers have uncovered a large-scale botnet dubbed RondoDox, which exploits 56 vulnerabilities across more than 30 types of internet-connected devices — including flaws first demonstrated at the Pwn2Own hacking competition. The campaign targets a wide spectrum of hardware such as digital and network video recorders (DVRs/NVRs), IP cameras, and

The Mic-E-Mouse attack turns an ordinary mouse into a listening device

The Mic-E-Mouse attack turns an ordinary mouse into a listening device

Researchers at the University of California, Irvine (UC Irvine) have demonstrated a surprising side-channel attack: high-DPI optical mice can pick up surface vibrations caused by speech, allowing attackers to reconstruct nearby words with troubling accuracy. Modern gaming and professional mice use ultra-sensitive optical sensors (20,000 DPI and above) that