🚨Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets. ✅ ✅ Join Telegram For More Content:

We are sharing Fortinet FortiWeb instances compromised with webshells likely via CVE-2025-25257. We see 77 cases on 2025-07-15, down from 85 on 2025-07-14. CVE-2025-25257 exploitation activity observed since Jul 11th. Tree map overview (compromised):

A misconfigured public PHP upload page on a Linux server allowed upload of obfuscated web shells and mailer scripts. Missing EDR, unpatched CVEs, and poor logging hindered detection. #WebShells #UploadSecurity #Varonis.

#opendir hosting #CobaltStrike #webshells and #shellcode loader. 152.32.170.129 🇭🇰. 121.exe and 12.exe (both CobaltStrike) connect to 152.42.226.16 🇸🇬 for C2. Interesting payload hosted in Sqlite database (also CobaltStrike)

NEW LAB: Mustang Panda 🐼🔍. Chinese cyber espionage APT targeting a government body across the U.S, Europe, and APAC. Test your blue team skills on.👀 .NET malware.👀 DLL Sideloading.👀 Webshells .👀 Procdumps. Lab Contributors.Adversarial Emulation: @MDSecLabs @offensiveninja

Dear DFIR colleagues,.Always be wary of 404 error codes in web server log files. Some webshells intentionally send this error code to deceive you into thinking the request failed.

SharePoint situational update: In collaboration with @ValidinLLC & @certbund we improved vhost & version detection of SharePoint instances, resulting in ~17K IPs observed exposed. 840 with CVE-2025-53770 - version based detection only. At least 20 with webshells.

The group's arsenal includes public exploits (CVE-2024-27956), tools like #Cobalt Strike and Metasploit, and Chinese-specific utilities like #Godzilla/Behinder webshells. A key discovery was a custom PowerShell script that archives & exfiltrates specific document types from

The Fallout show reminds me of how nerdy I can be. In 2016, I gave a talk on WebShells. The slides were themed as a RobCo terminal, and I'm wearing a hacker Valult Boy shirt.

I went and extracted keywords from all the known knowns of webshells 🐚. I then popped them into an array 📋 and added a special twist 🌀 to our output in #ShellSweep 🖥. Note 📝: Some of the false positives (FPs) in the Mixed Mode shot there. 'Mixed' is using a lower value for

In a recent investigation, a customer contacted us because an AV scanner detected webshells in a web root accessible from the Internet. While investigating the incident, we found out that the jQuery-File-Upload widget is reachable from the Internet as well, without

Webshell بشكل موجز مع خطوات توضح لك كيف يتم اكتشافه كمحلل امن سيبراني . هو عبارة عن برنامج نصي أو برنامج ضار يتم تحميله إلى خادم ويب Web Server مخترق، .مما يسمح للمهاجم بالوصول غير المصرح به والتحكم في الخادم. غالبًا ما يستخدم المهاجمون Webshells لتنفيذ أوامر عشوائية ومعالجة

تجنيد للهاكرز على العلن 😁. تم التواصل معي من قبل شخص يحاول تجنيد أفراد في مجال #الأمن_السيبراني لاختراق مواقع إلكترونية مسجّلة في الصين، مقابل راتب شهري قد يصل إلى 100,000 دولار. طلب مني إثبات القدرة عبر زرع 3 webshells حقيقية في نطاقات صينية، قبل مناقشة تفاصيل “التعاون طويل

Hackers are hitting ASP . Net apps, exploiting exposed MachineKeys for RCE and stealthy webshells like Godzilla. They’re pivoting fast to tools like Cobalt Strike and chasing privilege escalation. Scan, patch, stay ahead. #CyberSecurity #KudelskiSecurity

🚨 SAP NetWeaver Webshells Spotted: CVE-2025-31324 in the Wild 🚨. Multiple reports confirmed active exploitation of SAP NetWeaver Visual Composer vulnerabilities (CVE-2025-31324). Attackers are dropping lightweight JSP webshells like the ones shared by Onapsis, captured by

Chasse à la menace sur Linux, utiliser Sysmon et auditd et détecter des webshells. ->

We continue to report out daily lists of Citrix ADC/Gateway IPs that are known to be compromised with webshells installed (CVE-2023-3519 attacks). We now see 1486 instances on 2023-08-17. Big thank you to @DIVDnl & @foxit for the collaboration. Data in

Update: See newly added info to our #ToolShell Alert. We’ve included info on ransomware deployment, new webshells involved in exploitation, & detection guidance 👉

Something I find terrifying that few other devs seem to are requests hitting sites like "/gecko.php". It's easy to think "I don't have that file on my site" or "I'm not running PHP so I don't need to care.". But webshells like Gecko are designed to be snuck into your