The Exploit Post

Sign in Subscribe

News

News

SantaStealer Steals Data from Browsers and Cryptocurrency Wallets

SantaStealer Steals Data from Browsers and Cryptocurrency Wallets

Rapid7 discovered SantaStealer, malware advertised on Telegram channels and hacker forums as operating exclusively in RAM to evade traditional security solutions. Analysis revealed the stealer is poorly secured and contains fundamental operational security flaws. SantaStealer is a rebranded version of BluelineStealer. The presumed Russian-speaking developer plans an official launch by

SoundCloud Hacked and Reports Theft of User Data

SoundCloud Hacked and Reports Theft of User Data

SoundCloud confirmed attackers breached its user database, affecting approximately 28 million accounts—roughly 20% of the platform's total audience. The extortion group ShinyHunters is behind the attack and is blackmailing the company, threatening to publish the stolen database. The breach first became apparent when users reported mass inability

Google Shuts Down Its Darknet Monitoring Service

Google Shuts Down Its Darknet Monitoring Service

Google will shut down Dark Web Report, a service that alerted users about data breaches, in mid-February 2026. The company cited the tool's lack of actionable recommendations as the reason for closure. Google launched Dark Web Report in March 2023 as a Google One subscriber exclusive, then opened

December Windows Updates Break MSMQ Functionality

December Windows Updates Break MSMQ Functionality

Microsoft's December security updates broke the Message Queuing (MSMQ) service, disrupting enterprise applications and IIS websites. The company confirmed the issue but hasn't provided a fix timeline. MSMQ, available in all Windows versions as an optional component, provides network communication capabilities for applications and sees widespread

Vulnerability Found in CyberVolk Ransomware Allows File Decryption

Vulnerability Found in CyberVolk Ransomware Allows File Decryption

Pro-Russian hacktivist group CyberVolk launched a ransomware-as-a-service platform called VolkLocker (CyberVolk 2.x), but SentinelOne researchers discovered critical flaws that let victims recover files for free. The attackers embedded the encryption master key directly in the malware's binary and saved it as a plain text file in the

Hackers Compromised French Interior Ministry Email Servers

Hackers Compromised French Interior Ministry Email Servers

The French Interior Ministry confirmed a cyberattack on its email servers overnight from December 11 to 12. Attackers accessed ministry documents, prompting tightened security protocols and strengthened access controls across staff information systems. French authorities launched an investigation to determine the attack's source and scope. Interior Minister Laurent

Scammers Using Fake Steam Sites to Hijack Accounts

Scammers Using Fake Steam Sites to Hijack Accounts

Attackers launched a phishing campaign targeting Russian gamers through at least 20 fake sites promising Steam gift cards worth $5 to $50 and free game skins. F6 analysts discovered the sites impersonating Steam and Twitch to steal login credentials. Scammers distribute phishing links through YouTube, TikTok, and other video platforms.