Threat Research

    Labs identified a web shell dubbed “EncystPHP” with advanced capabilities such as remote command execution, persistence, and web shell deployment. The attacks began in early December last year and spread through exploitation of the FreePBX vulnerability CVE-2025-64328. The activity is linked to the hacker group INJ3CTOR3, first observed in 2020 targeting CVE-2019-19006....
    A major botnet campaign, dubbed RondoDox, is actively exploiting over 50 known vulnerabilities in routers, DVRs, NVRs, CCTV systems, and web servers from more than 30 vendors. Organizations with internet-facing infrastructure face heightened risks of data theft, persistent access, and operational disruption....
    In October and November 2024, a surge in activity was observed by two botnets, the Mirai variant "FICORA" and the Kaiten variant "CAPSAICIN," both exploiting aging D-Link vulnerabilities. These vulnerabilities, primarily through the HNAP interface, allow remote attackers to execute malicious commands....