The Exploit Post

Sign in Subscribe

News

News

A Vulnerability in Figma MCP Allowed Remote Code Execution Overview

A Vulnerability in Figma MCP Allowed Remote Code Execution Overview

Researchers from Imperva have disclosed details about a now-patched vulnerability in the Figma developer MCP (Model Context Protocol) server. The flaw allowed remote attackers to execute arbitrary code and was assigned CVE-2025-53967 with a CVSS score of 7.5. Technical Details The issue stemmed from unsanitized user input, resulting in

Clop Attacks Oracle E-Business Suite Users with 0-Day Vulnerability

Clop Attacks Oracle E-Business Suite Users with 0-Day Vulnerability

Last week, Oracle warned customers about a critical 0-day vulnerability in its E-Business Suite (CVE-2025-61882) that allows remote execution of arbitrary code without authentication. It has now been confirmed that the Clop ransomware group has been actively exploiting this flaw in real-world attacks since August 2025. 0-Day Under Active Exploitation

Google Will Not Fix the ASCII Smuggling Issue in Its Gemini AI Assistant

Google Will Not Fix the ASCII Smuggling Issue in Its Gemini AI Assistant

Google developers have confirmed that they will not issue a fix for the so-called “ASCII smuggling” issue affecting their Gemini AI assistant. The flaw can be used to trick the model into producing false information, altering its behavior, or even poisoning training data with invisible payloads. Understanding ASCII Smuggling In

North Korean Hackers Stole Over $2 Billion in 2025

North Korean Hackers Stole Over $2 Billion in 2025

According to blockchain analysts at Elliptic, North Korean hackers stole more than $2 billion USD in cryptocurrency during the first nine months of 2025 — setting a new all-time record. This brings the total confirmed amount of cryptocurrency stolen by DPRK-linked threat actors to over $6 billion USD. The United Nations

Discord Confirms: Hackers Stole Identity Documents of 70,000 Users

Discord Confirms: Hackers Stole Identity Documents of 70,000 Users

Discord has confirmed that it will not pay a ransom to the attackers who claim to have stolen the data of 5.5 million users. The stolen information reportedly includes copies of identity documents and partial payment details. However, the company insists that the actual number of affected users is

East Asian Group NGC4141 Attacks Custom Web Applications of Russian Organizations

East Asian Group NGC4141 Attacks Custom Web Applications of Russian Organizations

Analysts from the Solar 4RAYS cyber threat research center, part of the Solar Group of Companies, have identified a previously unknown East Asian hacking group that used public tools to attack the web application of an unnamed Russian federal agency. The targeted system ran on a custom-built engine. According to

Qualcomm Is Buying Arduino and Announces the UNO Q Single-Board Computer

Qualcomm Is Buying Arduino and Announces the UNO Q Single-Board Computer

Qualcomm, the U.S. semiconductor giant known for its Snapdragon chips, has announced the acquisition of Arduino, the Italian company famous for its open-source hardware and software ecosystem. In its statement, Qualcomm emphasized that Arduino will retain its brand, mission, and open-source philosophy, as well as its commitment to supporting