Stay updated on PHP-related cyber security trends, threats, and best practices. Your go-to source for all PHP information security news.
Search across headline titles and summaries.
Background for this topic.
PHP is a widely-used open-source server-side scripting language designed primarily for web development but also used for general-purpose programming. In web development, PHP scripts are executed on the server, generating HTML which is sent to the client. PHP can be embedded in HTML, and it's commonly used to manage dynamic content, databases, session tracking, and even build entire e-commerce sites.
In the context of information security, PHP holds significant importance due to its vast usage across the internet. Security concerns with PHP applications often stem from poor coding practices which enable vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). It is critical for developers to follow best practices in PHP coding to ensure that they do not introduce security weaknesses. The community regularly updates PHP to patch known vulnerabilities, and implementing these updates is a crucial step in maintaining secure PHP-based systems. As PHP is a popular target for attackers exploiting web application vulnerabilities, understanding and mitigating risks in PHP environments is paramount for protecting user data and services.
Weekly headline count for the current query.
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework
Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild
A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. [...]
Also: SBF Appeals Conviction, PHP Exploits Fuel CryptominingEvery week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, Europol's 600 million euro fraud network bust, Sam Bankman-Fried conviction appeal, PHP exploits fueled cryptomining campaigns and sentencing set for Samourai Wallet founders.
Infamous botnets like Mirai are exploiting Web-exposed assets such as PHP servers, IoT devices, and cloud gateways to gain control over systems and build strength.
Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi
A rise in attacks on PHP servers, IoT devices and cloud gateways is linked to botnets exploiting flaws, according to new research published by Qualys
A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT
Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix
Dormant PHP Backdoor Steals Payment DataIt took six years for a backdoor tucked in widely used Magento extensions for online stories to become apparent but it did so on April 20, affecting hunderds of digital storefronts. Security firm Sansec estimates between 500 to 1,000 stores run the software, "including a $40 billion multinational."
Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access
Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT
Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. [...]