Latest episode – listen now! (And please share with your friends.)
Browsing CategoryPHP
PHP community sidesteps its third supply chain attack in three years
Third time lucky! (The first two times were lucky, too, luckily.)
S3 Ep26: Apple 0-day, crypto vulnerabilities and PHP backdoor [Podcast]
Latest episode – listen now!
PHP web language narrowly avoids dangerous supply chain attack
The crooks got in and added a backdoor to PHP, but it looks as though it was caught before any harm was done.
Ensiko – A PHP Based Web Shell with Ransomware Capabilities Attacks PHP Installation
Researchers observed a new PHP web shell dubbed Ensiko with ransomware capabilities that attack PHP installed on platforms such as Linux, Windows, macOS, and others. The malware is capable of providing remote access and accepts commands from the attacker via a PHP reverse shell. Security researchers from Trend Micro observed that the malware scans infected […]
The post Ensiko – A PHP Based Web Shell with Ransomware Capabilities Attacks PHP Installation appeared first on GBHackers On Security.
Ensiko: A Webshell With Ransomware Capabilities
Ensiko is a PHP web shell with ransomware capabilities that targets various platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the capability to remotely control the system and accept commands to perform malicious activities on the infected machine.
The post Ensiko: A Webshell With Ransomware Capabilities appeared first on .
Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion
By Augusto Remillano II One of our honeypots detected a spam campaign that uses compromised devices to attack vulnerable web servers. After brute-forcing devices with weak access credentials, the attackers…
Is your e-commerce site being used to test stolen card data?
If you’re running Magento you should be on the look out for hackers testing stolen card data – it could get your PayPal account suspended. This post appeared first on…
Flaw in popular PDF creation library enabled remote code execution
A researcher has discovered a high-severity bug in a popular PHP library used for creating PDFs. This post appeared first on Naked Security Blog by Sophos Author: Danny Bradbury
How one man could have pwned all your PHP programs
Popular PHP package repository front end Packagist turned out to have an embarrassing command injection hole – now closed! This post appeared first on Naked Security Blog by Sophos Author:…