QNAP warns of a critical PHP flaw that could lead to remote code execution
Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese …
PHP
Hijacking of popular ctx and phpass packages reveals open source security gaps
The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS …
FBI warns of scraping attacks targeting online checkout pages
The U.S. Federal Bureau of Investigation has issued a flash alert warning businesses that cybersecurity actors are scraping credit card …
FBI: Hackers used malicious PHP code to grab credit card data
The Federal Bureau of Investigations (FBI) is warning that someone is scraping credit card data from the checkout pages of US businesses’ …
15-Year-old Security Vulnerability In The PEAR PHP Repository Permits Supply Chain Attack
PEAR PHP repository has been found to contain a 15-year-old security vulnerability that could provide an attacker with the ability to carry …
15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks
A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply …
Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters
Researchers have disclosed an unpatched security vulnerability in “dompdf,” a PHP-based HTML to PDF converter, that, if successfully …
Irony alert! PHP fixes security flaw in input validation code
If you’re using PHP in your network, check that you’re using the latest version, currently 8.1.3. Released yesterday [2022-02-17], this …
PHP Everywhere code execution bugs impact thousands of WordPress websites
Critical remote code execution (RCE) vulnerabilities in a popular WordPress plugin have been made public. The RCE bugs impact PHP …
PHP Everywhere RCE flaws threaten thousands of WordPress sites
Researchers found three critical remote code execution (RCE) vulnerabilities in the ‘PHP Everywhere’ plugin for WordPress, used by over …
WordPress News » Security: WordPress 5.7.2 Security Release
WordPress 5.7.2 is now available. This security release features one security …
PHP Composer Flaw That Could Affect Millions of Sites Patched
A patch has been issued for a serious vulnerability that impacts PHP Composer – a tool to manage and install software dependencies in the …
PHP community sidesteps its third supply chain attack in three years
Swiss cybersecurity researchers recently found security holes in Composer, the software tool that programming teams use to access …
Command injection flaw in PHP Composer allowed supply-chain attacks
A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The …