Ars Technica

Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating

Ransomware criminals have quickly weaponized an easy-to-exploit vulnerability in the PHP programming language that executes malicious code on web servers, security researchers said. As of Thursday, ...
The Hacker News

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two Composer flaws (CVE-2026-40176, CVE-2026-40261) allow command execution via Perforce configurations, prompting urgent ...
Ars Technica

PHP vulnerability allows attackers to run malicious code on Windows servers

99% of web servers using PHP are running linux, so "oh no...anyway." Most people running Windows web servers are doing it for .NET and not using PHP. Click to expand... At first I had the same ...
SiliconANGLE

Symantec warns of new sophisticated backdoor exploiting patched PHP vulnerability

A new report out today from Symantec, a division of Broadcom Inc., is warning of a new sophisticated backdoor threat that has been spotted in the wild targeting a university in Taiwan. Dubbed Backdoor ...