The Hacker News

Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave

The access afforded by the ANTSWORD web shell is then used to run the "whoami" command to determine the privileges of the web server and deliver the open-source Nezha agent, which can be used to ...
CSO Online

Open-source monitor turns into an off-the-shelf attack beacon

Hackers used log poisoning and web shells to convert Nezha into a remote access tool targeting networks across East Asia.
Infosecurity-magazine.com

Nezha Tool Used in New Cyber Campaign Targeting Web Applications

A newly uncovered cyber campaign featuring the open-source tool Nezha has been observed targeting vulnerable web applications. Beginning in August 2025, Huntress analysts traced a sophisticated ...