-
TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers
The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems.
- June 11, 2024
- 10:25 AM
0
-
PHP fixes critical RCE flaw impacting all versions for Windows
A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.
- June 07, 2024
- 10:32 AM
0
-
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin
A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.
- December 11, 2023
- 05:46 PM
- 2
-
WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection
The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection.
- May 30, 2023
- 03:42 PM
- 0
-
Researcher hijacks popular Packagist PHP packages to get a job
A researcher hijacked over a dozen Packagist packages—with some having been installed hundreds of millions of times over the course of their lifetime. The researcher reached out to BleepingComputer stating that by hijacking these packages he hopes to get a job. And, he seems pretty confident that this would work.
- May 03, 2023
- 11:30 AM
- 1
-
Attackers use abandoned WordPress plugin to backdoor websites
Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors.
- April 20, 2023
- 04:02 PM
- 2
-
Critical PHP flaw exposes QNAP NAS devices to RCE attacks
QNAP has warned customers today that many of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution.
- June 22, 2022
- 06:20 AM
- 1
-
Hacker says hijacking libraries, stealing AWS keys was ethical research
The hacker of 'ctx' and 'PHPass' libraries has now broken silence and explained the reasons behind this hijack to BleepingComputer. According to the hacker, this was a bug bounty exercise and no malicious activity was intended.
- May 25, 2022
- 09:42 AM
- 2
-
Popular Python and PHP libraries hijacked to steal AWS keys
PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. Additionally, versions of a 'phpass' fork published to the PHP/Composer package repository Packagist had been altered to steal secrets.
- May 24, 2022
- 07:42 AM
- 0
-
PHP Everywhere RCE flaws threaten thousands of WordPress sites
Researchers found three critical remote code execution (RCE) vulnerabilities in the PHP Everywhere plugin for WordPress, used by over 30,000 websites worldwide.
- February 09, 2022
- 04:33 PM
- 0
-
PHP's Git server hacked to add backdoors to PHP source code
In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server. The threat actors had signed off on these commits as if they were made by known PHP developers.
- March 29, 2021
- 03:32 AM
- 1
-
Zend Framework disputes RCE vulnerability, issues patch
An untrusted deserialization vulnerability has been disclosed in how Zend Framework can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007, now being disputed by Zend/Laminas.
- January 04, 2021
- 11:05 AM
- 6
-
Drupal issues emergency fix for critical bug with known exploits
Drupal has released emergency security updates to address a critical vulnerability with known exploits that could allow for arbitrary PHP code execution on some CMS versions.
- November 27, 2020
- 12:31 PM
- 0
-
CBS Last.fm fixes admin password leakage via Symfony profiler
This week, British music streaming service, Last.fm has fixed a credentials leak on their systems. The leak occurred due to a misconfigured Symfony profiler, exposing admin username and password.
- November 27, 2020
- 09:43 AM
- 1
-
Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux
Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers.
- July 28, 2020
- 03:33 AM
- 0
-
Microsoft will not support PHP 8.0 for Windows in 'any capacity'
Microsoft has announced that it will not offer support in 'any capacity' for PHP for Windows 8.0 when it is released.
- July 10, 2020
- 03:10 PM
- 2
-
Drupal Fixes “Highly Critical” Vulnerability
Administrators of websites running the Drupal content management software (CMS) are urged to take immediate action to mitigate a newly discovered a vulnerability that can lead to remote execution of PHP code under specific circumstances.
- February 21, 2019
- 08:42 AM
- 0
-
Critical Flaw Fixed in Packagist, PHP's Largest Package Repository
The maintainers of Packagist, the PHP ecosystem's largest package repository, have fixed a critical vulnerability on their official website that could have allowed an attacker to hijack their service.
- August 29, 2018
- 05:07 AM
- 0
-
PHP Deserialization Issue Left Unfixed in WordPress CMS
WordPress CMS installations are vulnerable to a PHP bug related to data unserialization (also known as deserialization), a security researcher has revealed at the start of the month.
- August 17, 2018
- 07:22 AM
- 0
-
Unpatched Flaw Disclosed in WordPress CMS Core
Security researchers from RIPS disclosed today details about an unpatched security flaw impacting WordPress, the Internet's most popular content management system (CMS).
- June 26, 2018
- 06:39 PM
- 0
0
-
Remove the Theonlinesearch.com Search Redirect
Filed Under: Adware -
Remove the Smartwebfinder.com Search Redirect
Filed Under: Adware -
How to remove the PBlock+ adware browser extension
Filed Under: Adware -
Remove the Toksearches.xyz Search Redirect
Filed Under: Adware -
Remove the Smashapps.net Search Redirect
Filed Under: Adware
-
Version: 5.1.5.1165M+ Downloads
-
Version: 1.33.07554,227 Downloads
-
Version: 0.8141,953 Downloads
-
Version: NA103,249 Downloads
-
Version: NA150,238 Downloads
