Tag: php
4 articles

Attackers Exploit Joomla Extension Bugs with Perfect 10 Scores
Critical vulnerabilities in two popular Joomla extensions have been exploited in the wild, allowing attackers to gain remote control of affected sites by uploading malicious files. The Cybersecurity and Infrastructure Security Agency has sounded the alarm, adding the flaws to its Known Exploited Vulnerabilities catalog.

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack
Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.

Malicious Laravel-Lang Packages Deliver Cross-Platform Credential Stealer
A massive wave of malicious Laravel-Lang packages, with over 700 versions released in just two days, has been used to spread a sneaky cross-platform credential stealer. Security researchers warn that multiple PHP packages from the Laravel-Lang organization were compromised, hinting at a large-scale breach of the organization's release process.

North Korean Hackers Expand Malicious Package Reach Across Multiple Coding Ecosystems
Beware of the Trojan horse in your code: North Korean hackers have quietly infiltrated multiple package ecosystems, publishing around 1,700 malicious packages that masquerade as legitimate developer tools but act as malware loaders. This sneaky campaign, linked to the Contagious Interview group, puts developers and organizations relying on shared code on high alert.