Webshell
The latest Webshell coverage — news, analysis, and updates from the WindowsNews.AI desk.
Unauthenticated RCE Exploits Hit On-Prem SharePoint — Patch, Rotate Keys, and Hunt Now
Microsoft’s on-premises SharePoint servers are under active attack from a chain of vulnerabilities that grant unauthenticated attackers remote code execution (RCE). The exploit combines an...
ESET Uncovers GhostRedirector: Silent IIS Backdoor Drives SEO Fraud on 65+ Windows Servers
At least 65 internet-facing Windows servers have been quietly conscripted into an SEO fraud network, each one armed with a stealthy backdoor and a malicious IIS module that feeds manipulated content...
ESET Exposes GhostRedirector: China-Aligned Hackers Deploy IIS SEO Fraud and Custom Backdoor on 65 Windows Servers
In June 2025, ESET researchers unearthed a previously unknown threat actor they call GhostRedirector, which had compromised at least 65 Windows servers around the globe. The attackers deployed two...
CISA Flags Actively Exploited Citrix NetScaler CVE-2025-7775, Demands Urgent Patch
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Citrix NetScaler vulnerability, tracked as CVE-2025-7775, to its Known Exploited Vulnerabilities (KEV) Catalog after...
Active SharePoint RCE Exploits Chain Deserialization Bug to Deploy Web Shells and Ransomware
Attackers are actively chaining a deserialization vulnerability in on-premises SharePoint Server with an authentication bypass to gain remote code execution without credentials—then stealing the...
Urgent Security Alert: Advanced Zero-Day Exploit Chain Targets Microsoft SharePoint Servers
A fresh wave of cyberattacks has ignited major concerns within enterprise IT and cybersecurity communities. At the center of this storm is a newly disclosed exploit chain targeting Microsoft...
Commvault Cloud Security Breach: Exploitation of CVE-2025-34028 and CVE-2025-3928 in 2025
Overview On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent advisory regarding active cyber threats targeting its Metallic software-as-a-service (SaaS)...