Secure Planet Training Courses Updated For 2019 - Click Here

There are new available articles, click to refresh the page.

The Hacker News

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

By: Newsroom — May 28^th 2024 at 06:30

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called Dessky Snippets, which allows users to add custom PHP code. It has over 200 active installations.

PHP Packagist supply chain poisoned by hacker “looking for a job”

By: Paul Ducklin — May 5^th 2023 at 16:59

I pwned you! Gizza job! You know it makes sense!

SHA-3 code execution bug patched in PHP – check your version!

By: Paul Ducklin — November 1^st 2022 at 14:09

As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!

Poisoned Python and PHP packages purloin passwords for AWS access

By: Paul Ducklin — May 24^th 2022 at 23:04

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Irony alert! PHP fixes security flaw in input validation code

By: Paul Ducklin — February 18^th 2022 at 17:59

What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...