The Exploit Post

Sign in Subscribe

News

News

An Eight-Year-Old Vulnerability Discovered in the Unity Engine

An Eight-Year-Old Vulnerability Discovered in the Unity Engine

A vulnerability that has existed since 2017 has been discovered in the Unity game engine. The flaw can be exploited to execute code on Android and perform privilege escalation on Windows systems. Valve has already updated Steam, and Microsoft has issued an update for Microsoft Defender, advising users to delete

CometJacking Attack Turns Perplexity’s AI Browser into a Data Theft Tool

CometJacking Attack Turns Perplexity’s AI Browser into a Data Theft Tool

Researchers have disclosed a CometJacking attack that exploits URL parameters to inject hidden instructions into Perplexity’s Comet AI browser, turning it into a tool for data theft. The vulnerability enables attackers to access confidential information from connected services such as email and calendars. What Is Comet? Comet is an

Hackers Steal Discord Users’ Data and Identification Documents

Hackers Steal Discord Users’ Data and Identification Documents

Hackers have stolen payment information and personal data—including real names and identification documents—of several Discord users. The breach occurred on September 20, 2025, and has been linked to the compromise of a third-party vendor providing customer support services to the company. Discord’s Response Discord representatives publicly acknowledged

Bugs in OpenSSL Allowed Recovery of Private Key, Code Execution, and DoS Attacks

Bugs in OpenSSL Allowed Recovery of Private Key, Code Execution, and DoS Attacks

OpenSSL developers have released several new versions of the open-source SSL/TLS toolkit to address three security vulnerabilities discovered in recent builds. The patched releases — OpenSSL 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd, and 1.0.2zm — fix vulnerabilities

DrayTek Patches RCE Vulnerability in Routers

DrayTek Patches RCE Vulnerability in Routers

DrayTek, a networking equipment manufacturer, has issued a warning about a critical vulnerability affecting several models of its Vigor routers. The flaw allows remote, unauthenticated attackers to execute arbitrary code on affected devices. The vulnerability, tracked as CVE-2025-10547, was discovered earlier this year by security researcher Pierre-Yves Maes of ChapsVision.

“Battering RAM” Attack Bypasses Security Features on Intel and AMD CPUs

Security researchers have unveiled a hardware attack, dubbed “Battering RAM,” that bypasses advanced memory protections on the latest Intel and AMD processors widely used in cloud infrastructure. While the findings are significant, both manufacturers note that the exploit requires physical access to the target system, limiting its practical threat. From

Researchers Reveal “Gemini Trifecta” Vulnerabilities in Google’s AI Assistant

Security researchers have disclosed details of three now-patched vulnerabilities in the Google Gemini AI assistant, collectively dubbed the “Gemini Trifecta.” If successfully exploited, the flaws could have tricked the AI into assisting in data theft and other malicious activities. The Three Vulnerabilities According to researchers at Tenable, the issues affected