Stay updated on PHP-related cyber security trends, threats, and best practices. Your go-to source for all PHP information security news.
Search across headline titles and summaries.
Background for this topic.
PHP is a widely-used open-source server-side scripting language designed primarily for web development but also used for general-purpose programming. In web development, PHP scripts are executed on the server, generating HTML which is sent to the client. PHP can be embedded in HTML, and it's commonly used to manage dynamic content, databases, session tracking, and even build entire e-commerce sites.
In the context of information security, PHP holds significant importance due to its vast usage across the internet. Security concerns with PHP applications often stem from poor coding practices which enable vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). It is critical for developers to follow best practices in PHP coding to ensure that they do not introduce security weaknesses. The community regularly updates PHP to patch known vulnerabilities, and implementing these updates is a crucial step in maintaining secure PHP-based systems. As PHP is a popular target for attackers exploiting web application vulnerabilities, understanding and mitigating risks in PHP environments is paramount for protecting user data and services.
Weekly headline count for the current query.
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck
Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability (CVE-2024-4577). [...]
Redmond splats dozens of bugs as does Adobe while Arm drivers and PHP under active attack Patch Tuesday Microsoft kicked off our summer season with a relatively light June Patch Tuesday, releasing updates for 49 CVE-tagged security flaws in its products – including one bug deemed critical, a fairly terrifying one in wireless networking, and one listed as publicly disclosed.…
The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems. [...]