US federal agency breached by hackers using GeoServer exploit, CISA says

In an in-depth report detailing the incident, the US Cybersecurity and Infrastructure Security Agency (CISA) outlined how the ...
Bleeping Computer

Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux

Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers. The malware received the ...
Threat Post

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF. Researchers have created a proof-of-concept exploit that would ...
Ars Technica

Microsoft is seeing a big spike in Web shell use

Security personnel at Microsoft are seeing a big increase in the use of Web shells, the light-weight programs that hackers install so they can burrow further into compromised websites. The average ...
Ars Technica

Vulnerability with 9.8 severity in Control Web Panel is under active exploit

Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting. “This is an unauthenticated RCE,” members of ...