Web Shell Archives • Daily CyberSecurity

The N-Day Nightmare: How SHADOW-EARTH-053 Breaches Governments Using “Old” Exploits SHADOW-EARTH-053 ShadowPad Espionage

The N-Day Nightmare: How SHADOW-EARTH-053 Breaches Governments Using “Old” Exploits

Do Son May 5, 2026

TrendAI Research has identified a persistent and methodical China-aligned threat cluster targeting government entities and critical infrastructure...

Froxlor’s CVSS 10 Flaw Turns Config Files into Persistent Backdoors Froxlor RCE Persistent Backdoor

Froxlor’s CVSS 10 Flaw Turns Config Files into Persistent Backdoors

Do Son April 17, 2026

Security researchers have sounded the alarm on two critical vulnerabilities within Froxlor, the popular open-source server management...

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight Cookie-Gated Web Shell Stealth C2

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight

Do Son April 9, 2026

A technical analysis from the Microsoft Defender Security Research Team has revealed that threat actors are increasingly...

CVE-2026-34838 (CVSS 10): Critical RCE Flaw Uncovered in GroupOffice CRM GroupOffice RCE, Insecure Deserialization

CVE-2026-34838 (CVSS 10): Critical RCE Flaw Uncovered in GroupOffice CRM

Do Son April 6, 2026

In a significant discovery for enterprises and public sector organizations, a critical security vulnerability has been unmasked...

Silent Intruder: “EncystPHP” Web Shell Burrows into FreePBX Systems EncystPHP Web Shell FreePBX Vulnerability

Silent Intruder: “EncystPHP” Web Shell Burrows into FreePBX Systems

Do Son February 2, 2026

A sophisticated new web shell has been discovered burrowing into communication infrastructure, leveraging a critical vulnerability to...

Attacking from Within: How Adobe ColdFusion Admins Can Weaponize Remote Shares ColdFusion Archive (CAR), UNC Path Exploitation

Attacking from Within: How Adobe ColdFusion Admins Can Weaponize Remote Shares

Do Son January 6, 2026

Adobe has issued critical updates for its ColdFusion platform after security researcher Brian Reilly uncovered a clever...

Chinese Hackers Exploit Exposed ASP.NET Keys to Deploy TOLLBOOTH IIS Backdoor and Kernel Rootkit Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Chinese Hackers Exploit Exposed ASP.NET Keys to Deploy TOLLBOOTH IIS Backdoor and Kernel Rootkit

Do Son October 23, 2025

Researchers from Elastic Security Labs, in collaboration with Texas A&M University System (TAMUS) Cybersecurity, have uncovered a...

China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor Flax Typhoon ArcGIS Backdoor, SOE Web Shell

Flax Typhoon ArcGIS Backdoor, SOE Web Shell

China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor

Do Son October 16, 2025

A newly released report from ReliaQuest reveals how the China-backed advanced persistent threat (APT) group “Flax Typhoon”...

Huntress Uncovers Log Poisoning Campaign Linking Nezha and Ghost RAT in Widespread Asian Cyber Intrusions Nezha Web Compromise, Log Poisoning

Huntress Uncovers Log Poisoning Campaign Linking Nezha and Ghost RAT in Widespread Asian Cyber Intrusions

Do Son October 10, 2025

Huntress researchers have unveiled a new and highly creative intrusion technique that combines log poisoning, AntSword web...

Stealthy WordPress Malware Uncovered: Multi-Stage RAT Injects via Header.php, Hides Traces

Do Son June 30, 2025

Sucuri’s Puja Srivastava recently uncovered a stealthy and complex malware campaign targeting WordPress websites that left no...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

Three-Year Intrusion: SK Telecom Breach Exposes 27 Million User Records

Do Son May 21, 2025

In April 2025, South Korea’s leading telecommunications provider, SK Telecom, disclosed a major security incident. The company...

From Web Shell to Full Control: APT-Style Exploits Surge Against SAP NetWeaver Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

From Web Shell to Full Control: APT-Style Exploits Surge Against SAP NetWeaver

Do Son May 11, 2025

In a report issued by Unit 42, researchers disclosed that the vulnerability CVE-2025-31324, affecting SAP NetWeaver’s Visual...

Sophisticated IIS Malware Targets South Korean Web Servers IIS malware, South Korea cyberattack

Sophisticated IIS Malware Targets South Korean Web Servers

Do Son May 9, 2025

In a targeted and technically advanced cyber operation discovered in February 2025, the AhnLab Security Intelligence Center...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

DslogdRAT Malware Targets Ivanti Connect Secure via CVE-2025-0282 Zero-Day Exploit

Do Son April 26, 2025

A newly published report by Yuma Masubuchi from the JPCERT Coordination Center (JPCERT/CC) has uncovered the deployment...

WooCommerce Phishing Attack: Fake Vulnerability Exploits Store Owners Patchstack

WooCommerce Phishing Attack: Fake Vulnerability Exploits Store Owners

Do Son April 25, 2025

A new phishing campaign is targeting WooCommerce users with fake security vulnerability alerts, attempting to trick them...

Tropic Trooper Expands Espionage to Middle East, Targets Human Rights Organizations Tropic Trooper - China Chopper web shell

Tropic Trooper Expands Espionage to Middle East, Targets Human Rights Organizations

Do Son September 6, 2024

The cyber espionage group Tropic Trooper, also known as KeyBoy and Pirate Panda, has been observed shifting...

Cybersecurity Alert: Unseen WIREFIRE Web Shell Variant in ICS VPN Appliances Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Cybersecurity Alert: Unseen WIREFIRE Web Shell Variant in ICS VPN Appliances

Do Son January 28, 2024

Recently, QuoIntelligence has uncovered a previously unknown and undetected variant of the WIREFIRE web shell, a Python-based...

Threat Actors Exploit Adobe ColdFusion Vulnerability (CVE-2023-26360), CISA Warns CVE-2023-26360 exploit

Threat Actors Exploit Adobe ColdFusion Vulnerability (CVE-2023-26360), CISA Warns

Do Son December 5, 2023

The cybersecurity landscape is once again under siege, this time from a critical vulnerability in Adobe ColdFusion,...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Web Shell

The N-Day Nightmare: How SHADOW-EARTH-053 Breaches Governments Using “Old” Exploits

Froxlor’s CVSS 10 Flaw Turns Config Files into Persistent Backdoors

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight

CVE-2026-34838 (CVSS 10): Critical RCE Flaw Uncovered in GroupOffice CRM

Silent Intruder: “EncystPHP” Web Shell Burrows into FreePBX Systems

Chinese Hackers Exploit Exposed ASP.NET Keys to Deploy TOLLBOOTH IIS Backdoor and Kernel Rootkit

China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor

Huntress Uncovers Log Poisoning Campaign Linking Nezha and Ghost RAT in Widespread Asian Cyber Intrusions

Stealthy WordPress Malware Uncovered: Multi-Stage RAT Injects via Header.php, Hides Traces

Three-Year Intrusion: SK Telecom Breach Exposes 27 Million User Records

From Web Shell to Full Control: APT-Style Exploits Surge Against SAP NetWeaver

Sophisticated IIS Malware Targets South Korean Web Servers

DslogdRAT Malware Targets Ivanti Connect Secure via CVE-2025-0282 Zero-Day Exploit

WooCommerce Phishing Attack: Fake Vulnerability Exploits Store Owners

Tropic Trooper Expands Espionage to Middle East, Targets Human Rights Organizations

Cybersecurity Alert: Unseen WIREFIRE Web Shell Variant in ICS VPN Appliances

Threat Actors Exploit Adobe ColdFusion Vulnerability (CVE-2023-26360), CISA Warns