Security news aggregator

Latest coverage for PHP

PHP is a server-side scripting language whose code, runtimes, and frameworks can expose web applications to vulnerabilities when poorly secured.

80 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

PHP is an open-source programming language and runtime used mainly to execute server-side code for web applications, often generating HTML and interacting with databases, files, sessions, and external services. Its security relevance covers both the PHP runtime and the applications, extensions, and third-party packages that run within it.

PHP releases and bundled or separately installed extensions can contain vulnerabilities, so supported versions and dependencies should be tracked and patched through vulnerability management. More commonly, application flaws arise from unsafe input handling, such as SQL injection, cross-site scripting, file inclusion, or insecure deserialization; these are not automatically prevented by the language. Secure deployments use parameterized database queries, context-appropriate output encoding, strict upload and filesystem controls, protected session and CSRF handling, and least-privilege service accounts. Configuration and dependency changes should be tested, and logs can help identify exploitation of exposed PHP endpoints.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 80 Filtered view

Hackers exploit CVE-2026-3300 in Everest Forms Pro to inject PHP via form fields, creating rogue admin accounts. 29,300 attempts blocked. Researcher h0xilo submitted a flaw in Everest Forms Pro for WordPress, tracked as CVE-2026-3300, to Wordfence’s bug bounty program and earned $325 for it. WPEverest patched the flaw on March 18. Wordfence published a full […]

Bank Info Security 8 months, 1 week ago

Cryptohack Roundup: Europol Busts 600M Euro Fraud Network

Also: SBF Appeals Conviction, PHP Exploits Fuel CryptominingEvery week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, Europol's 600 million euro fraud network bust, Sam Bankman-Fried conviction appeal, PHP exploits fueled cryptomining campaigns and sentencing set for Samourai Wallet founders.

Bank Info Security 1 year, 2 months ago

Activated Magento Backdoor Hits Up to 1,000 Online Stores

Dormant PHP Backdoor Steals Payment DataIt took six years for a backdoor tucked in widely used Magento extensions for online stories to become apparent but it did so on April 20, affecting hunderds of digital storefronts. Security firm Sansec estimates between 500 to 1,000 stores run the software, "including a $40 billion multinational."

Loading more headlines...