Aug 20, 2024Ravie LakshmananVulnerability / Threat Intelligence A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic," the Symantec Threat Hunter Team, part of … [Read more...] about Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
PHP
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Jun 08, 2024NewsroomVulnerability / Programming Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating … [Read more...] about New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Over a Dozen PHP Packages with 500 Million Compromised
May 05, 2023Ravie LakshmananProgramming / Software Security PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their own message … [Read more...] about Over a Dozen PHP Packages with 500 Million Compromised
Introducing the new PHP client for Elasticsearch 8
Introducing the new PHP client for Elasticsearch 8English简体中文한국어日本語FrançaisDeutschEspañolPortuguêsThe new PHP client for Elasticsearch 8 has been rewritten from scratch. Along with adopting the PSR standards, we’ve also redesigned the architecture and moved the HTTP transport layer outside. A pluggable system is also now available, thanks to the HTTPlug library.Read on to … [Read more...] about Introducing the new PHP client for Elasticsearch 8
15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks
A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would … [Read more...] about 15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the … [Read more...] about New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
Multiple Code Execution Flaws Found In PHP Programming Language
Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers.Hypertext Preprocessor, commonly known as PHP, is the most popular server-side web programming … [Read more...] about Multiple Code Execution Flaws Found In PHP Programming Language
WP Live Chat WordPress Plugin Re-Patches File Upload Flaw
After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued. Source link … [Read more...] about WP Live Chat WordPress Plugin Re-Patches File Upload Flaw
GoDaddy Shutters 14,000 Subdomains Tied to ‘Snake Oil’ Scams
GoDaddy worked with researchers to shut down 15,000 domain-shadowing websites tied to bogus affiliate marketing offers promoted via spam campaigns. Source link … [Read more...] about GoDaddy Shutters 14,000 Subdomains Tied to ‘Snake Oil’ Scams
Pay What You Want: Back-End Developer Course Bundle
Learn Python, Ruby & PHP w/ 8 Courses of 95 + Hours of Programming Bootcamp Expires July 14, 2015 23:59 PST Buy now and get 99% off … [Read more...] about Pay What You Want: Back-End Developer Course Bundle