Two months after the Drupal project released a patch for a highly critical security flaw, there are over 115,000 Drupal sites that have failed to install the fix and are now at the mercy of cyber-criminals.
A malicious PHP script found on over 5,000 compromised websites has been fingered as the source of a large-scale spam campaign that has been silently redirecting users to web pages hosting diet and intelligence-boosting pills.
Hackers haven't wasted their time in deciding what to do with the proof-of-concept (PoC) code that was published online last week for a major Drupal security flaw.
The Drupal CMS team has fixed a highly critical security flaw that allows hackers to take over a site just by accessing a URL.
Some of the most influential voices in the PHP community have united on a project to improve the security of the PHP ecosystem.
Websites built using the Anchor CMS may be accidentally exposing their database passwords in publicly-facing error logs, Dutch security researcher Tijme Gommers has discovered.
More than a year after revealing the presence of intentionally malicious code inside the source code of 14 WordPress plugins, experts warn that hundreds of sites are still using the booby-trapped components.
A WordPress plugin installed on over 300,000 sites was recently modified to download and install a hidden backdoor. The WordPress team has intervened and removed this plugin from the official WordPress Plugins repository, also providing clean versions for affected customers.
Research presented this week at the Black Hat Europe 2017 security conference has revealed that several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks.
PHP got a whole lot more secure this week with the release of the 7.2 branch, a version that improves and modernizes the programming language's support for cryptography and password hashing algorithms.
A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO."
A PHP ransomware project open-sourced on GitHub is still spawning active threats, more than a year after it was released in early 2016.
Experts from security firm Wordfence say they have observed a wave of web attacks that took aim at unfinished WordPress installations.
Webmasters can use so-called ZIP bombs to crash a hacker's vulnerability and port scanner and prevent him from gaining access to their website.
A Dutch web developer has created a rootkit that hides inside a PHP module and can be used to take over web servers via a rarely used attack vector: Apache modules.
The Joomla CMS project released Joomla 3.7.1 today to fix an SQL injection flaw that allows attackers to execute custom SQL code on affected systems and take over vulnerable sites.
Some Ubiquiti network device models can be hacked thanks to an unpatched vulnerability, allowing attackers to gain control over the device, or use it as a pivot point in the victim's network to hack other nearby equipment.
The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, making PHP the first programming language to support a modern cryptography library by default.