The Exploit Post

Sign in Subscribe

News

News

New Android Trojan Sturnus Steals Messages from Signal, WhatsApp, and Telegram

New Android Trojan Sturnus Steals Messages from Signal, WhatsApp, and Telegram

Specialists at ThreatFabric have discovered a new banking Trojan named Sturnus. The malware can intercept messages from end-to-end encrypted messengers (Signal, WhatsApp, Telegram) and gain full control over devices via VNC. Technical Architecture Researchers explain that Sturnus uses an advanced communication scheme with its command-and-control (C&C) servers: a

W3 Total Cache Vulnerability: Update Mandatory

W3 Total Cache Vulnerability: Update Mandatory

Vulnerability in WordPress Plugin W3 Total Cache Allows PHP Command Injection A critical vulnerability, CVE-2025-9501, has been discovered in the popular WordPress plugin W3 Total Cache. This flaw allows arbitrary PHP commands to be executed on the server without authentication. To carry out an attack, an attacker need only post

Hackers Deface Website of DPI Technology Provider Protei and Claim Leak of 182 GB of Data

Hackers Deface Website of DPI Technology Provider Protei and Claim Leak of 182 GB of Data

An unknown hacker group claims to have breached the servers of telecommunications company Protei and stolen approximately 182 gigabytes of data, including several years of email correspondence. The attackers, whose motives remain unclear, also defaced the company's website with a profane message. Company Background Per TechCrunch reporting, Protei

Google Chrome Patches Zero-Day Vulnerability Already Exploited by Hackers

Google Chrome Patches Zero-Day Vulnerability Already Exploited by Hackers

Google has released an emergency patch for Chrome, fixing zero-day vulnerability CVE-2025-13223. This marks the seventh zero-day vulnerability exploited in real-world attacks and patched in the browser this year. The patched issue involves a type confusion error in the V8 JavaScript engine and WebAssembly. Clement Lecigne from Google's

Malicious npm Packages Abuse Adspect Redirects

Malicious npm Packages Abuse Adspect Redirects

Researchers at Socket have discovered seven malicious packages in npm that exploit the Adspect cloud service to mask their activity while redirecting victims to cryptocurrency scam websites. Adspect markets itself as a tool for protecting websites from bots. However, this campaign demonstrates the service can serve the opposite purpose—concealing

Dutch Police Confiscate 250 Servers from "Bulletproof" Hosting Provider

Dutch Police Confiscate 250 Servers from "Bulletproof" Hosting Provider

Dutch police have executed a large-scale operation against an unnamed "bulletproof" hosting provider, seizing approximately 250 physical servers from data centers in The Hague and Zoetermeer. The seizure caused thousands of virtual servers to go offline simultaneously. Media sources indicate the operation likely targeted the hosting service CrazyRDP.

Azure Withstands 15.72 Tbps DDoS Attack From Half-Million Compromised Devices

Azure Withstands 15.72 Tbps DDoS Attack From Half-Million Compromised Devices

Microsoft's Azure cloud platform absorbed a massive distributed denial-of-service attack from the Aisuru botnet, peaking at 15.72 terabits per second with traffic originating simultaneously from 500,000 IP addresses. The Attack The assault targeted a specific Azure public IP address in Australia using UDP flooding techniques. Attack