Threat Research

Labs identified a web shell dubbed “EncystPHP” with advanced capabilities such as remote command execution, persistence, and web shell deployment. The attacks began in early December last year and spread through exploitation of the FreePBX vulnerability CVE-2025-64328. The activity is linked to the hacker group INJ3CTOR3, first observed in 2020 targeting CVE-2019-19006....
A major botnet campaign, dubbed RondoDox, is actively exploiting over 50 known vulnerabilities in routers, DVRs, NVRs, CCTV systems, and web servers from more than 30 vendors. Organizations with internet-facing infrastructure face heightened risks of data theft, persistent access, and operational disruption....
“Potential CVE-2021-41379 Exploitation Attempt” refers to the detection of attempts to exploit CVE-2021-41379, a local privilege escalation (LPE) vulnerability known as InstallerFileTakeOver. In this vulnerability, an attacker triggers a cmd.exe process as a child of the Microsoft Edge elevation service, elevation_service, while inheriting LOCAL_SYSTEM rights....
CVE-2021-1675, also known as the "Print Spooler" vulnerability, is a security flaw in Microsoft Windows that affects the Print Spooler service. This vulnerability allows attackers to execute arbitrary code with system-level privileges by exploiting improper validation of file paths....