CSOonline

Patched Apache ActiveMQ bug abused to drop Godzilla web shells

The attack methods being used to abuse the bug can successfully circumvent security measures, evading detection by security endpoints during scanning. A patched critical remote code execution (RCE) ...
Statetechmagazine

How to Detect and Remove Threatening Web Shells

Tanya Candia is an international management expert, specializing for more than 25 years in information security strategy and communication for public- and private-sector organizations. Stealthy, ...
TechCrunch

Someone is trying to recruit security researchers in bizarre hacking campaign

Are you willing to hack and take control of Chinese websites for a random person for up to $100,000 a month? “We are recruiting webshell engineers and teams to penetrate Chinese websites worldwide, ...
Infosecurity-magazine.com

Nezha Tool Used in New Cyber Campaign Targeting Web Applications

A newly uncovered cyber campaign featuring the open-source tool Nezha has been observed targeting vulnerable web applications. Beginning in August 2025, Huntress analysts traced a sophisticated ...
Dark Reading

Chinese Hackers Deployed Backdoor Quintet to Down MITRE

China-linked hackers deployed a roster of different backdoors and Web shells in the process of compromising the MITRE Corporation late last year. Last month news broke that MITRE, best known for its ...
CSOonline

SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability

The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads.
Dark Reading

SEO Poisoning Campaign Tied to Chinese Actor

A search engine optimization (SEO) poisoning campaign is targeting users in East and Southeast Asia using a malicious native Internet Information Services (IIS) module called BadIIS to intercept and ...