Episodes

  • Drupalgeddon 2: When Hackers Went Beyond the Database - CVE-2018-7600
    2026/02/05

    CVE-2018-7600 - a crafted request turned thousands of websites into attacker control panels.

    In this episode of The Exploit Archives, we break down how Drupal was compromised again, how it worked and why RCE is still one of the worst outcomes for web platforms.


    Support the show: The Exploit Archives

    Youtube: The Exploit Archives - YouTube


    Weekly episodes!


    Tags: CVE breakdown, cybersecurity, drupal, drupalgeddon 2, rce, ethical hacking, remote code execution, cms vulnerability

    14 min
  • Drupalgeddon: How One Bug Hacked Thousands of Sites: CVE-2014-3704
    2026/01/29

    CVE-2014-3704 - a single vulnerability in Drupal, one of the web's biggest content management.


    In this episode of The Exploit Archives, we break down how this silent bug in Drupal's code turned into global exploitation within hours, why thousands of sites were compromised, and what lessons it left behind.

    Stay tuned for Part Two.


    Support the show: The Exploit Archives

    Youtube: The Exploit Archives - YouTube


    Weekly Episodes!



    Tags: CVE breakdown, cybersecurity, drupal, drupalgeddon, sql injection, ethical hacking, remote code execution, cms vulnerability

    17 min
  • The Backdoor That Almost Broke Linux: CVE-2024-3094
    2025/08/28

    CVE-2024-3094 - a backdoor hidden inside XZ Utils, the tiny compression library bundled into millions of Linux systems.


    In this episode of The Exploit Archives, we break down how a trusted maintainer slipped in the malicious code, how close it came to being unleashed, and what this betrayal means for the future of open-source security.


    Support the show: The Exploit Archives

    Youtube: The Exploit Archives - YouTube


    Weekly Episodes!



    Tags: CVE breakdown, cybersecurity, linux, xz utils, linux security, supply chain attack, ssh vulnerability, hacking, cryptography flaw, cybersecurity podcast, exploit analysis, ethical hacking


    9 min
  • The Triple Threat in NVIDIA Triton: CVE-2025-23334/23320/23319
    2025/08/21

    CVE-2025-23334, CVE-2025-23320, CVE-2025-23319 - three vulnerabilities in NVIDIA's Triton Inference Server that chain together, getting more critical each time.

    In this episode of The Exploit Archives, we break down this "Triple Threat", how these flaws work, why they matter for AI security, and what lessons they hold for protecting machine learning infrastructure.


    Support the show: The Exploit Archives

    Youtube: The Exploit Archives - YouTube


    Weekly Episodes!

    Tags: CVE breakdown, cybersecurity, ai, nvidia, ai security, cryptography flaw, cybersecurity podcast, exploit analysis, ethical hacking

    9 min
  • How Weak Cryptography Made Rucky Vulnerable - CVE-2021-41096
    2025/08/14

    CVE-2021-41096 - a flaw in Rucky, the open-source Android app that turns your phone into a “Rubber Ducky” style hacking tool. It exposed just how dangerous weak cryptography can be.

    In this episode of The Exploit Archives, we break down how the flaw worked, why it mattered, and how a simple cryptographic misstep turned a pentesting tool into a potential attack vector.


    Support the show: The Exploit Archives

    Youtube: The Exploit Archives - YouTube


    Weekly Episodes!

    Tags: CVE breakdown, Rucky app, USB HID exploit, cybersecurity, hacking, weak encryption, RSA vulnerability, Rubber Ducky, cryptography flaw, cybersecurity podcast, exploit analysis, ethical hacking

    10 min
  • Spectre: The Invisible Threat Inside Your CPU - CVE-2017-5753 & CVE-2017-5715
    2025/08/07

    CVE-2017-5753 & CVE-2017-5715 – better known as Spectre – exposed a terrifying truth: your CPU could be exploited.

    This wasn’t a software flaw. It was a vulnerability baked into the hardware of nearly every modern processor. And it wasn’t just theoretical. Attackers could steal passwords, encryption keys, and sensitive data... without ever touching the system.

    In this episode of The Exploit Archives, we dive into how Spectre worked, the performance cost of fixing it, and how this invisible exploit changed the future of cybersecurity forever.


    Support the show: The Exploit Archives

    Youtube: The Exploit Archives - YouTube


    Weekly Episodes!


    Tags: CVE breakdown, hacking, hardware exploit, Spectre bug, speculative execution, CPU vulnerability, Intel bug, privilege leaks, cybersecurity podcast, ethical hacking, exploit analysis


    13 min
  • Baron Samedit: The Sudo Bug That Gave Root Access - CVE-2021-3156
    2025/07/31

    CVE-2021-3156 was one of the most shocking privilege escalation bugs ever found in Linux. Hidden in sudo for nearly a decade, this flaw let any user with shell access become root instantly - no passwords, no exploit chains, just power.

    In this episode of The Exploit Archives, we break down how the bug worked, why it was so dangerous, and how a quiet code review uncovered a flaw sitting in plain sight for years.


    Support the show: The Exploit Archives

    Youtube: The Exploit Archives - YouTube


    Weekly Episodes!


    Tags: CVE breakdown, hacking, linux, ethical hacking, sudo, sudo bug, exploit analysis, cyber attacks, Baron Samedit, privilege escalation

    8 min
  • The BIG-IP Bug That Let Attackers Walk In - CVE-2022-1388
    2025/07/24

    CVE-2022-1388 — an authentication bypass in F5’s BIG-IP systems that gave attackers the keys to the kingdom. No password. No login. Just one carefully crafted request… and full root access.

    In this episode of The Exploit Archives, we break down how this critical flaw let remote attackers take over enterprise infrastructure, why so many systems were exposed, and how the exploit unfolded in the wild.

    Fast. Loud. Dangerously easy.


    Support the show: The Exploit Archives


    Youtube: @TheExploitArchives


    Weekly Episodes!

    Tags: CVE-2022-1388, F5 BIG-IP, BIG-IP vulnerability, authentication bypass, hacking, remote code execution, SSRF, cyber attacks, 2022 CVEs, The Exploit Archives, ethical hacking, CVE breakdown, security flaw, exploit analysis, infosec podcast

    16 min