The Exploit Post

Sign in Subscribe

News

News

(Untitled)

(Untitled)

Keenetic router users discovered their devices automatically installed new firmware—even with auto-update disabled—after the manufacturer detected active exploitation of a critical authentication vulnerability. The Vulnerability In early November, Keenetic published security bulletin KEN-PSA-2025-WP01 describing a CWE-521 vulnerability (Weak Password Requirements) with a CVSS score of 8.8. The

Google Retreats on Android App Verification After Developer Backlash

Google Retreats on Android App Verification After Developer Backlash

Google reversed course on mandatory developer verification for sideloaded Android apps, announcing simplified accounts for small developers and an "advanced mode" for experienced users following community outcry over the restrictive policy. The Original Plan In August 2025, Google announced a Developer Verification system scheduled for 2026 rollout. The

Fortinet Discloses Critical FortiWeb Zero-Day After Weeks of Active Exploitation

Fortinet Discloses Critical FortiWeb Zero-Day After Weeks of Active Exploitation

Fortinet acknowledged a critical authentication bypass vulnerability in FortiWeb firewalls only after security researchers published proof-of-concept exploits—nearly six weeks after attacks began and three weeks after the company quietly patched the flaw. Timeline of Disclosure Failure The vulnerability's exploitation timeline reveals a problematic gap between patch availability

Security Experts Challenge Anthropic's Claims About AI-Powered Cyber Espionage Campaign

Security Experts Challenge Anthropic's Claims About AI-Powered Cyber Espionage Campaign

The Claims Last week, Anthropic published a report asserting that Chinese threat actor GTG-1002 conducted a large-scale cyber-espionage operation with unprecedented AI automation. According to the company, hackers targeted 30 organizations across technology, finance, chemical manufacturing, and government sectors in September 2025, successfully compromising several victims. The report described what

Checkout Refuses Ransom Demand, Will Donate to Cybercrime Research Instead

Checkout Refuses Ransom Demand, Will Donate to Cybercrime Research Instead

British fintech giant Checkout.com—payment processor for eBay, Uber Eats, IKEA, Samsung, and dozens of major brands—became the latest victim of ShinyHunters hackers. The company refused to pay the ransom and announced plans to donate the demanded amount to cybersecurity research. The Breach Checkout.com provides unified payment

Asus Issues Emergency Patch for Authentication Bypass in DSL Router Series

Asus Issues Emergency Patch for Authentication Bypass in DSL Router Series

Asus has released emergency firmware updates addressing a critical authentication bypass vulnerability in several DSL-series router models. The flaw, tracked as CVE-2025-59367, allows remote attackers to gain full administrative control of vulnerable devices without requiring any credentials or user interaction. The affected router models—DSL-AC51, DSL-N16, and DSL-AC750—remain vulnerable

Logitech Confirms Data Breach Following Clop Ransomware Attack

Logitech Confirms Data Breach Following Clop Ransomware Attack

Logitech has filed formal breach notification documents with the U.S. Securities and Exchange Commission (SEC), confirming that threat actors stole company data through a third-party software vulnerability. The Clop ransomware group claimed responsibility for the attack and published approximately 1.8 terabytes of data allegedly stolen from the Swiss-American