BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

Australia warns of attacks on unpatched Cisco IOS XE devices exploiting CVE-2023-20198, allowing BadCandy webshell install.

Security Affairs
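🌘 MD5 collision: the dual identity of a webshell and an ordinary file
➤ When malicious code wears a legitimate disguise
https://github.com/phith0n/collision-webshell
This repository demonstrates a unique security technique in which a PHP webshell file and a seemingly harmless ordinary PHP file have exactly the same MD5 hash. This means that although the contents of the two are completely different, they produce the same hash value when run through the MD5 algorithm. This phenomenon is known as an MD5 collision, and it brings a new perspective to security research and applications, especially in file verification and malware identification.
+ Amazing! I thought MD5 was already obsolete, but I didn't expect it could still be used for tricks like this. This is a big challenge for antivirus software and intrusion detection systems.
+ The concept is interesting, but what is the practical application? Can it be used to bypass checks in detection systems?
#InfoSec #HashCollision #webshell #PHP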
GitHub - phith0n/collision-webshell: A webshell and a normal file that have the same MD5

A webshell and a normal file that have the same MD5 - phith0n/collision-webshell

GitHub
😱 Breaking news: Someone discovered a #webshell and a normal file share an MD5 hash! 🚨 Stop the presses, this changes everything! Meanwhile, #GitHub is busy deploying #AI to write better code while nobody noticed the hash collision between a sandwich and a rock. 🍔🗿
https://github.com/phith0n/collision-webshell #BreakingNews #HashCollision #CodeSecurity #HackerNews #ngated
I love when I see web shell challenges (Red or Blue) in CTF games. Reminds me of the web shells research I did years ago, paper: https://vulnex.com/data/VULNEX_VB2017_ShellInTheWeb.pdf #WebShell #pentesting #cybersecurity #APT #AppSec
#BREAKING #ESETResearch has been monitoring the recently discovered #ToolShell zero-day vulnerabilities in #SharePoint Server: CVE-2025-53770 and CVE-2025-53771. SharePoint Online in Microsoft 365 is not impacted. https://www.welivesecurity.com/en/eset-research/toolshell-an-all-you-can-eat-buffet-for-threat-actors/
ESET first detected an attempt to exploit part of the execution chain on July 17 in Germany 🇩🇪. Here, the final #webshell payload was not delivered. The first time we registered the payload was on July 18 in Italy 🇮🇹. We have since seen active ToolShell exploitation all over the world.
We have uncovered several IP addresses that were used in the attacks from July 17 to July 22. The charts show the timeline of the attacks from the three most active of these IP addresses.
ToolShell is being exploited by all sorts of threat actors, from petty cybercriminals to state-sponsored groups, among them China 🇨🇳-aligned #APTs. We expect these attacks to continue taking advantage of unpatched systems.
IoCs available in our GitHub repo: https://github.com/eset/
🚨 CRITICAL CVE-2025-28951: CreedAlly Bulk Featured Image (≤1.2.1) vulnerability lets attackers upload web shells via unrestricted file uploads. Review deployments, restrict uploads, and monitor now. https://radar.offseq.com/threat/cve-2025-28951-cwe-434-unrestricted-upload-of-file-4dd0578c #OffSeq #WordPress #Vuln #WebShell
Offline webshell scanning tool, based on YARA rules https://github.com/ekky19/Yara-Standalone-Webshell-Scanner #DFIR #yara #webshell
GitHub - ekky19/Yara-Standalone-Webshell-Scanner: YARA Standalone WSS is an offline webshell scanning tool that uses YARA rules to detect malicious or suspicious files in webroot directories. No installation required — just drop your files, run the scanner, and review the generated HTML and TXT reports.

YARA Standalone WSS is an offline webshell scanning tool that uses YARA rules to detect malicious or suspicious files in webroot directories. No installation required — just drop your files, run th...

GitHub

#webshell #opendir #netsupport #rat at:

https://appointedtimeagriculture\.com/wp-includes/blocks/post-content/

GatewayAddress=95.179.158.213:443
RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA

2024-12-04 (Wednesday): Casual review of my most recent Apache web server access logs shows what looks like an attempt to get a PHP #webshell on my web server.

URL for the PHP webshell is hxxp://1.14.123[.]164/ote.txt