Ars Technica

Nasty bug with very simple exploit hits PHP just in time for the weekend

A critical vulnerability in the PHP programming language can be trivially exploited to execute malicious code on Windows devices, security researchers warned as they urged those affected to take ...
Bleeping Computer

PHP fixes critical RCE flaw impacting all versions for Windows

A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. PHP is a ...
Bleeping Computer

Critical PHP RCE vulnerability mass exploited in new attacks

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. Tracked as CVE-2024-4577, this PHP-CGI ...
CRN

Attacks Exploiting ‘Critical’ PHP Vulnerability Have Impacted US: Researcher

The remote code execution flaw affects Windows-based PHP installations, and was initially disclosed in June 2024. Exploitation of a critical-severity vulnerability affecting Windows-based PHP ...
ZDNet

PHP Everywhere code execution bugs impact thousands of WordPress websites

Critical remote code execution (RCE) vulnerabilities in a popular WordPress plugin have been made public. The RCE bugs impact PHP Everywhere, a utility for web developers to be able to use PHP code in ...
Dark Reading

Sneaky Shellcode: Windows Fibers Offer EDR-Proof Code Execution

BLACK HAT ASIA – Singapore – Windows fibers, little-known components of Windows OS, represent a largely undocumented code-execution pathway that exists exclusively in user mode — and is therefore ...
Threat Post

PHP Bug Allows Remote Code-Execution on NGINX Servers

CVE-2019-11043 is trivial to exploit — and a proof of concept is available. A buffer underflow bug in PHP could allow remote code-execution (RCE) on targeted NGINX servers. First discovered during a ...