Scans for EncystPHP Webshell, (Mon, Apr 13th)

Monday, April 13, 2026 at 01:02 PM UTC·Source: SANS ISC

Updated: Monday, April 13, 2026 at 01:06 PM UTC

Executive Summary

Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deploying webshells with more difficult-to-guess credentials. Today, I noticed some scans for what appears to be the "EncystPHP" web shell. Fortinet wrote about this webshell back in Janu

Analysis

Source Attribution

Originally published by SANS ISC on Apr 13, 2026.

Related Threats

LOWVulnerabilityNEW

SRM appoints Ian Povey to advisory board

SRM, a trusted advisory firm serving financial institutions globally, announced the appointment of Ian Povey to its International Advisory Board.

Just nowFinextra

MEDIUMVulnerabilityNEW

Deep Scan: Expanding Vulnerability Detection Beyond Traditional Boundaries

Security teams estimate that a significant percentage of enterprise software is installed outside standard system directories or package-managed locations, creating persistent visibility gaps for traditional vulnerability-scanning methods. As environments become more decentralized, with applications spread across different drives, custom installation locations, and unmanaged folders, organizations

12m agoQualys Blog

MEDIUMVulnerability

Nationwide trials expansion of dementia clinics across Virgin Money branches

Nationwide is bringing specialist dementia clinics to Virgin Money branches, expanding its high-street services to reach even more communities and reinforcing its longstanding commitment to keeping branches open until at least 2030.

1h agoFinextra