#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

PHP Framework | Breaking Cybersecurity News | The Hacker News

Category — PHP Framework
New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Dec 16, 2024 Malware / Cybercrime
Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti (aka APT41). "Interestingly, our investigation revealed that Glutton's creators deliberately targeted systems within the cybercrime market," the company said . "By poisoning operations, they aimed to turn the tools of cybercriminals against them – a classic 'no honor among thieves' scenario." Glutton is designed to harvest sensitive system information, drop an ELF backdoor component, and perform code injection against popular PHP frameworks like Baota (BT), ThinkPHP, Yii, and Laravel. The ELF malware also shares "near-complete similarity" with a know...
Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances

Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances

Jun 07, 2024 Cryptojacking / Vulnerability
The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain. "The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their own command-and-control (C&C) infrastructure," Trend Micro researchers Sunil Bharti and Shubham Singh said in a Thursday analysis. Commando Cat, so named for its use of the open-source Commando project to generate a benign container, was first documented earlier this year by Cado Security. The attacks are characterized by the targeting of misconfigured Docker remote API servers to deploy a Docker image named cmd.cat/chattr, which is then used as a basis to instantiate a container and break out of its confines using the chroot command, and gain access to the host operating system. The final step entails retrieving the malicious miner binary using a curl or wget command fr...
Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year

Jan 07, 2025Cybersecurity / Endpoint Security
It's time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to celebrities lost in the past year, this article will look back at a few of cybersecurity's brightest stars that went dark in the past year.  1. Legacy Multi-Factor Authentication (MFA) Cause of Death: Compromised by sophisticated phishing, man-in-the-middle (MitM), SIM-swapping, and MFA prompt bombing attacks. The superstar of access security for more than twenty years, legacy MFA solutions enjoyed broad adoption followed by almost-universal responsibility for cybersecurity failures leading to successful ransomware attacks. These outdated solutions relied heavily on SMS or email-based codes o...
Expert Insights / Articles Videos
Cybersecurity Resources