InfoWorld

Update: PHP security issues being addressed, overseer says

Overseers of PHP (Hypertext Preprocessor) are conscious of security concerns with the language and are working to address any problems, one of the developers of PHP said on Tuesday afternoon. Security ...
Dark Reading

Are PHP SuperGlobal Parameters Really That Big A Deal?

A new report out this week (PDF) from Imperva detailing the potential danger for attacks through vulnerable PHP SuperGlobal parameters suggests that organizations running PHP servers should ditch the ...
Dark Reading

PHP Security Expert Quits

Drama on the PHP front: A high-profile member of the open source PHP Security Response Group abruptly has resigned his post. Stefan Esser said in his blog over the weekend that he left the group, ...
The Hacker News

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Cookie-gated PHP web shells enable persistent Linux RCE via cron-based re-creation, reducing detection in routine traffic logs.
Bleeping Computer

PHP Everywhere RCE flaws threaten thousands of WordPress sites

Researchers found three critical remote code execution (RCE) vulnerabilities in the 'PHP Everywhere' plugin for WordPress, used by over 30,000 websites worldwide. PHP Everywhere is a plugin that ...