Security News

PHP Everywhere RCE flaws threaten thousands of WordPress sites
2022-02-09 21:33

PHP Everywhere is a plugin that allows WordPress admins to insert PHP code in pages, posts, the sidebar, or any Gutenberg block, and use it to display dynamic content based on evaluated PHP expressions. CVE-2022-24663 - Remote code execution flaw exploitable by any subscriber by allowing them to send a request with the 'shortcode' parameter set to PHP Everywhere, and execute arbitrary PHP code on the site.

Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons
2021-05-14 04:45

Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms with an aim to steal financial information from their users. Injecting web skimmers on e-commerce websites to steal credit card details is a tried-and-tested modus operandi of Magecart, a consortium of different hacker groups who target online shopping cart systems.

S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]
2021-05-06 18:28

We look into Apple's recent emergency updates that closed off four in-the-wild browser bugs. We explain how the infamous "Flubot" home delivery scam works and how to stop it.

PHP community sidesteps its third supply chain attack in three years
2021-04-30 18:37

Supply chain researcher Max Justicz noticed that he could upload new PHP packages that would trick the Packagist system into running commands of his choice, rather than simply dowloading and publishing his submission. The 2018 exploit involved simply swapping out a URL for a system command, and instead of Composer downloading data from a URL, it would inadvertently run the command inserted where the URL was supposed to be.

A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks
2021-04-29 08:27

The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "Backdoor every PHP package," resulting in a supply-chain attack. "Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders," Composer said its release notes for versions 2.0.13 and 1.10.22 published on Wednesday.

WordPress 5.7.1 Patches XXE Flaw in PHP 8
2021-04-19 20:03

WordPress has released version 5.7.1 of its popular content management system, which brings more than 25 bug fixes, including patches for two security vulnerabilities. One of the patched security flaws is an XML External Entity vulnerability in the ID3 library in PHP 8, which is used by WordPress.

Backdoor Added — But Found — in PHP
2021-04-09 13:54

Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits, with the subject "Fix typo" and the names of known PHP developers and maintainers.

PHP Developers Share Update on Recent Breach
2021-04-08 12:09

The developers of the PHP scripting language have shared an update on the recently disclosed breach in which attackers planted malicious code. Php.net server and it was apparently designed to allow an attacker to remotely execute arbitrary PHP code.

PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack
2021-04-07 23:07

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user database leaked," Nikita Popov said in a message posted on its mailing list on April 6.

Update on PHP source code compromise: User database leak suspected
2021-04-07 14:38

PHP maintainer Nikita Popov has posted an update concerning how the source code was compromised and malicious code inserted - blaming a user database leak rather than a problem with the server itself. The PHP code repository was compromised late last month with the insertion of code that, if left in place, would have enabled a backdoor into any web server running it.