Security News

Microsoft Defender ATP detects Chrome updates as PHP backdoors
2021-02-03 16:17

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. Even though multiple Microsoft security accounts were tagged on Twitter and the company was also contacted to provide a statement regarding this ongoing issue, Redmond hasn't yet provided an official reply.

RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework
2021-01-05 22:28

Versions of the popular developer tool Zend Framework and its successor Laminas Project can be abused by an attacker to execute remote code on PHP-based websites, if they are running web-based applications that are vulnerable to attack. Impacted is Zend Framework version 3.0.0 and Laminas Project laminas-http before 2.14.2, with an estimated "Several million websites" using the framework and possibly impacted.

Week in review: Keeping up with ransomware, critical PHP RCE exploited, DevOps firewall
2019-11-03 15:00

Here’s an overview of some of last week’s most interesting news and articles: Leading domain name registrars suffered data breach Web technology company Web.com and its subsidiaries – domain name...

PHP team fixes nasty site-owning remote execution bug
2019-10-29 11:48

The PHP development team has fixed a bug that could allow remote code execution in some setups of the programming language.

PHP Bug Allows Remote Code-Execution on NGINX Servers
2019-10-28 16:18

CVE-2019-11043 is trivial to exploit -- and a proof of concept is available.

PHP RCE flaw actively exploited to pop NGINX servers
2019-10-28 12:24

A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets has confirmed. For a...

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
2019-10-26 19:04

If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized...

Multiple Code Execution Flaws Found In PHP Programming Language
2019-09-06 11:19

Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which...

Trakt app users' personal data exposed: We were hit by a 'PHP exploit'... back in 2014
2019-02-07 10:46

No payment info, but users' names, locations, email addies etc all 'lost' Trakt, the makers of an app that monitors users' TV programme and movie viewing habits, has 'fessed up to falling victim...

PHP PEAR supply chain attack: Backdoor added to installer
2019-01-24 12:57

Some additional details have emerged about the recent security breach involving the PHP PEAR (PHP Extension and Application Repository) webserver, but much is still unknown. What happened? The...