Ars Technica

Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating

Ransomware criminals have quickly weaponized an easy-to-exploit vulnerability in the PHP programming language that executes malicious code on web servers, security researchers said. As of Thursday, ...
Threat Post

New Exploits Arrive for Old PHP Vulnerability

New exploits for a two-year-old PHP vulnerability popped up in October that allow hackers to run code on websites running vulnerable versions of the web development framework. Close to two years ago, ...
ZDNet

GitHub security alerts now support PHP projects

Since the Dependency Graph feature is intertwined with the Security Alerts (Vulnerability Alerts) feature, this also means GitHub users will also be eligible to receive automatic security alerts for ...
Bleeping Computer

Critical PHP RCE vulnerability mass exploited in new attacks

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. Tracked as CVE-2024-4577, this PHP-CGI ...
Ars Technica

Nasty bug with very simple exploit hits PHP just in time for the weekend

A critical vulnerability in the PHP programming language can be trivially exploited to execute malicious code on Windows devices, security researchers warned as they urged those affected to take ...
CIO

PHP Working on New Patch for Critical Vulnerability After Initial One Failed

The PHP Group plans to release new versions of the PHP processor on Tuesday in order to patch two publicly known critical remote code execution vulnerabilities, one of which was improperly addressed ...