PHP Packagist supply chain poisoned by hacker “looking for a job”
Credit to Author: Paul Ducklin| Date: Fri, 05 May 2023 18:59:32 +0000
I pwned you! Gizza job! You know it makes sense!
Read morephp
SHA-3 code execution bug patched in PHP – check your version!
Credit to Author: Paul Ducklin| Date: Tue, 01 Nov 2022 14:09:10 +0000
As everyone waits for news of a bug in OpenSSL, here’s a reminder that other cryptographic code in your life may also need patching!
Read morePoisoned Python and PHP packages purloin passwords for AWS access
Credit to Author: Paul Ducklin| Date: Wed, 25 May 2022 18:04:17 +0000
More supply chain trouble – this time with clear examples so you can learn how to spot this stuff yourself.
Read moreIrony alert! PHP fixes security flaw in input validation code
Credit to Author: Paul Ducklin| Date: Fri, 18 Feb 2022 17:59:00 +0000
What’s wrong with this sequence? 1. Step into the road 2. Check if it’s safe 3. Keep on walki…
Read morePHP team fixes nasty site-owning remote execution bug
Credit to Author: Danny Bradbury| Date: Tue, 29 Oct 2019 11:48:14 +0000
The PHP development team has fixed a bug that could allow remote code execution in some setups of the programming language.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/r_X-vIvi4pg” height=”1″ width=”1″ alt=””/>
Read more