The Hacker News

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Cookie-gated PHP web shells enable persistent Linux RCE via cron-based re-creation, reducing detection in routine traffic ...
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
Bleeping Computer

Elastix VoIP systems hacked in massive campaign to install PHP web shells

Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. Elastix is a server software for ...
ZDNet

Microsoft: Credit card skimmers are switching techniques to hide their attacks

Card-skimming malware is increasingly using malicious PHP script on web servers to manipulate payment pages in order to bypass browser defenses triggered by JavaScript code, according to Microsoft.
ZDNet

Hafnium’s China Chopper: a ‘slick’ and tiny web shell for creating server backdoors

Researchers have provided insight into China Chopper, a web shell used by the state-sponsored Hafnium hacking group. Hafnium is a group of cyberattackers originating from China. The collective ...
Bleeping Computer

Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux

Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers. The malware received the ...
Threat Post

Magecart Goes Server-Side in Latest Tactics Changeup

The latest Magecart iteration is finding success with a new PHP web shell skimmer. Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September’s ...