The Exploit Post

Sign in Subscribe

News

News

FBI Warns of AI-Powered Virtual Kidnapping Scams

FBI Warns of AI-Powered Virtual Kidnapping Scams

The FBI reports that scammers are now weaponizing AI to make "virtual kidnapping" schemes more convincing. Criminals harvest photos from social media, process them with AI tools, and use the manipulated images to convince victims their relatives have been abducted—then demand immediate ransom payments. No actual kidnappings

Critical XXE Vulnerability Patched in Apache Tika

Critical XXE Vulnerability Patched in Apache Tika

Apache developers have patched a critical vulnerability in Apache Tika—a widely-used toolkit for detecting and extracting metadata from various file formats. The flaw, identified as CVE-2025-66516, scores a perfect 10.0 on the CVSS scale and enables XXE (XML External Entity) injection attacks through specially crafted XFA files embedded

Aisuru Botnet Shatters DDoS Records with 29.7 Tbps Attack

Aisuru Botnet Shatters DDoS Records with 29.7 Tbps Attack

A massive botnet dubbed Aisuru has set a new record for distributed denial-of-service attacks, reaching 29.7 terabits per second (Tbps) in peak traffic volume. The attack, which lasted only 69 seconds, demonstrates how compromised IoT devices and routers can be weaponized to generate unprecedented levels of malicious network traffic.

Critical React Vulnerability Achieves Perfect 10 CVSS Score, Enables Unauthenticated Remote Code Execution

Critical React Vulnerability Achieves Perfect 10 CVSS Score, Enables Unauthenticated Remote Code Execution

A critical vulnerability in React has received a perfect 10.0 CVSS score, allowing attackers to execute code remotely on servers without authentication. The flaw, tracked as CVE-2025-55182 and dubbed "React2Shell," threatens millions of applications built on React and Next.js frameworks. React, Meta's open-source JavaScript

New Outlook Fails to Open Excel Attachments with Non-ASCII Characters

New Outlook Fails to Open Excel Attachments with Non-ASCII Characters

Microsoft is working to fix a bug preventing Excel files from opening in the new Outlook client. The issue surfaced on November 23, 2025, affecting some Exchange Online users. Per advisory EX1189359, developers have deployed a fix and identified the root cause: incorrect encoding processing in file names containing non-ASCII

GlassWorm Malware Resurfaces in 24 Malicious Packages

GlassWorm Malware Resurfaces in 24 Malicious Packages

GlassWorm malware has infiltrated Visual Studio Code extension repositories for the third time. Threat actors uploaded 24 new malicious packages to OpenVSX and the Microsoft Visual Studio Marketplace, despite two previous campaigns earlier this year. Security researchers first identified GlassWorm in October 2025. The malware steals credentials from GitHub, npm,

Android Patched Two Zero-Day Vulnerabilities Under Active Attack

Android Patched Two Zero-Day Vulnerabilities Under Active Attack

Google released its December security update for Android, fixing 107 vulnerabilities across the operating system. Two of these were zero-day flaws that attackers had already exploited in targeted campaigns. The zero-day vulnerabilities carry the identifiers CVE-2025-48633 and CVE-2025-48572. The first permits unauthorized access to sensitive information, while the second enables