reverse shell
-
Researchers warn spoofed AI sidebars can trick Atlas and Comet users into dangerous actions
Security researchers at SquareX say they can use a malicious browser extension to overlay a fake AI sidebar in Atlas and Comet, tricking users into phishing pages, OAuth theft of Gmail/Drive access, or running commands that install a reverse shell.
-
Critical ICTBroadcast flaw (CVE-2025-2611) exploited to deploy reverse shells
A critical input-validation flaw in ICTBroadcast (CVE-2025-2611, CVSS 9.3) allows unauthenticated command injection via a session cookie; researchers including VulnCheck say the bug is being exploited to run reverse shells on exposed servers, and no patch information is currently available.
