January 16, 2025 Gootloader inside out Open-source intelligence reveals the server-side code of this pernicious SEO-driven malware - without needing a lawyer afterward Threat Research
May 05, 2023 PHP Packagist supply chain poisoned by hacker “looking for a job” I pwned you! Gizza job! You know it makes sense! Naked Security
November 01, 2022 SHA-3 code execution bug patched in PHP – check your version! As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching! Naked Security
May 25, 2022 Poisoned Python and PHP packages purloin passwords for AWS access More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself. Naked Security
February 18, 2022 Irony alert! PHP fixes security flaw in input validation code What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki... Naked Security
May 06, 2021 S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast] Latest episode - listen now! (And please share with your friends.) Naked Security
April 30, 2021 PHP community sidesteps its third supply chain attack in three years Third time lucky! (The first two times were lucky, too, luckily.) Naked Security
April 01, 2021 S3 Ep26: Apple 0-day, crypto vulnerabilities and PHP backdoor [Podcast] Latest episode - listen now! Naked Security
March 30, 2021 PHP web language narrowly avoids “backdoor” supply chain attack The crooks got in and added a backdoor to PHP, but it looks as though it was caught before any harm was done. Naked Security