Php

All articles tagged with #php

Massive Laravel-Lang Breach Sparks Cross-Platform Credential Theft
cybersecurity, 7 days ago

Security researchers warn of a broad compromise of Laravel-Lang PHP packages (laravel-lang/lang, http-statuses, attributes, actions) that injected a malicious src/helpers.php into autoloaded vendor files. The attack involved rapid tagging of 700+ package versions in May 2026, suggesting access to the Laravel Lang release infrastructure. The embedded dropper runs on startup and delivers a ~5,900-line PHP credential stealer that exfiltrates cloud tokens, service credentials, browser data, VPN configs and more to flipboxstudio.info, encrypts results with AES-256, and self-deletes. Windows uses a Visual Basic Script launcher; Linux/macOS execute the payload via shell. Remediation includes auditing dependencies, rotating credentials, upgrading to clean versions, and monitoring for indicators of compromise.

WordPress 6.4.2 Update Fixes Critical Remote Attack Vulnerability
technology, 2 years ago

WordPress has released version 6.4.2 to address a critical security flaw that could allow threat actors to execute arbitrary PHP code on vulnerable sites. The vulnerability is not directly exploitable in core, but it can be combined with another bug to potentially achieve high severity, especially in multisite installations. The issue is rooted in the WP_HTML_Token class introduced in version 6.4. Users are advised to update their sites, and developers are advised to replace calls to the unserialize function with alternatives such as JSON encoding/decoding.