Ars Technica

PHP vulnerability allows attackers to run malicious code on Windows servers

99% of web servers using PHP are running linux, so "oh no...anyway." Most people running Windows web servers are doing it for .NET and not using PHP. Click to expand... At first I had the same ...
CSOonline

PHP backdoor attempt shows need for better code authenticity verification

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure. Unknown attackers managed to break ...
Bleeping Computer

W3 Total Cache WordPress plugin vulnerable to PHP command injection

A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. The vulnerability, tracked as ...
InfoWorld

Facebook invents a PHP virtual machine

Social networking giant Facebook has taken another step at making the PHP Web programming language run more quickly. The company has developed a PHP Virtual Machine that it says can execute the ...
Bleeping Computer

WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
ZDNet

Nasty PHP7 remote code execution bug exploited in the wild

A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets.