Security News

How one man could have pwned all your PHP programs
2018-08-30 15:13

Popular PHP package repository front end Packagist turned out to have an embarrassing command injection hole - now closed!

So phar, so FUD: PHP flaw puts WordPress sites at risk of hacks
2018-08-20 12:40

But claims of 'complete system compromise' are a little extreme Bsides Manchester A newly discovered WordPress flaw has left installs of the ubiquitous content management system potentially...

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution
2018-08-17 18:03

The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF.

New PHP Code Execution Attack Puts WordPress Sites at Risk
2018-08-17 09:33

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP...

How to install mcrypt for PHP 7.2
2018-07-12 23:14

If you've discovered that you can't install mcrypt as you once could, fret not. Here are the steps to take so you can get that oft-used dependency installed with the help of pecl.

Brain Food botnet infected 5,000+ websites with malicious PHP scripts in past 4 months
2018-05-23 14:16

The botnet tries to trick users into buying fake diet and brain-boosting pills in order to steal personal info. It does a great job of hiding itself, and it's spreading like wildfire.

Malicious PHP Script Infects 2,400 Websites in the Past Week
2018-05-21 21:44

A botnet called Brain Food is pushing diet pills via infected WordPress and Joomla websites.

Google's PHP API client has XSS vulnerability (The Register)
2017-05-12 05:18

Ubiquiti network gear can be 'hijacked by an evil URL' thanks to its 20-year-old PHP build (The Register)
2017-03-16 22:18

Researchers Used PHP Zero-Days to Hack PornHub (SecurityWeek)
2016-07-25 09:46