Time to Declare an Emergency? Scrotes chain three flaws to take full control—seems pretty easy ...

A long-running ransomware campaign that has been targeting Windows and Linux systems since 2019 is the latest example of how closely threat groups track public disclosures of vulnerabilities and proofs-of-concept (PoCs) and ...

  Imagine handing over the controls of your website to someone you don’t trust – that’s the risk of RCE vulnerabilities in WordPress. Attackers can modify website content, inject spammy content, and ...

Handling end of life (EOL) for operating systems is a relatively common, if cumbersome, task that IT teams have to grapple with as part of their activity. Yet, operating systems aren’t the ...

We’ve seeing so many software supply chain attacks in recent weeks that it’s hard for us to talk about all of them. But, in the last 24 hours, we’ve seen two major ...

There are more than 700+ programming languages to choose from and different languages gain popularity and momentum at any time. In fact, since 2012 there has been a new “favorite” programming language ...

Thank you to Ratnesh Pandey who also contributed to this research. On 16 September 2019, Bromium Labs observed the resumption of Emotet malicous spam (malspam) campaign activity following a hiatus since the ...

The official PHP Extension and Application Repository (PEAR) website has been shut down after an apparent hack caused the original PHP PEAR package manager to be replaced by attackers with a tainted ...

Sven Morgenroth, a security researcher at Netsparker, was interviewed by Paul Asadoorian and Larry Pesce for Paul's Security Weekly #584. Sven talked about PHP Object injection vulnerabilities and explained the dangers of ...

At the end of 2018, PHP will stop releasing security updates and supporting PHP 5.6 as well as PHP 7.0. Considering there are millions of websites who are still running these old ...