Security News

New PHP Code Execution Attack Puts WordPress Sites at Risk
2018-08-17 09:33

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP...

How to install mcrypt for PHP 7.2
2018-07-12 23:14

If you've discovered that you can't install mcrypt as you once could, fret not. Here are the steps to take so you can get that oft-used dependency installed with the help of pecl.

Brain Food botnet infected 5,000+ websites with malicious PHP scripts in past 4 months
2018-05-23 14:16

The botnet tries to trick users into buying fake diet and brain-boosting pills in order to steal personal info. It does a great job of hiding itself, and it's spreading like wildfire.

Malicious PHP Script Infects 2,400 Websites in the Past Week
2018-05-21 21:44

A botnet called Brain Food is pushing diet pills via infected WordPress and Joomla websites.

Google's PHP API client has XSS vulnerability (The Register)
2017-05-12 05:18

Ubiquiti network gear can be 'hijacked by an evil URL' thanks to its 20-year-old PHP build (The Register)
2017-03-16 22:18

Researchers Used PHP Zero-Days to Hack PornHub (SecurityWeek)
2016-07-25 09:46

PHP flaws allowed God mode access to top smut site (The Register)
2016-07-25 00:01

Severe Swagger vulnerability compromises NodeJS, PHP, Java (ZDNet)
2016-06-23 14:42

PHP, Python still fail to spot revoked TLS certificates (Help Net Security)
2016-04-01 16:04

In 2012, a group of researchers demonstrated that SSL certificate validation is broken in many applications and libraries, and pointed out the root causes for that situation: badly designed APIs...