php backdoor | Breaking Cybersecurity News | The Hacker News

A critical vulnerability has been discovered in PHPMailer , which is one of the most popular open source PHP libraries to send emails used by more than 9 Million users worldwide. Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla comes with PHPMailer library for sending emails using a variety of methods, including SMTP to their users. Discovered by Polish security researcher Dawid Golunski of Legal Hackers , the critical vulnerability ( CVE-2016-10033 ) allows an attacker to remotely execute arbitrary code in the context of the web server and compromise the target web application. "To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class," Golunski writes in the advisory published today. Golunski respo

Cyber attacks get bigger, smarter, more damaging. P*rnHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded. Now, it turns out that the world's most popular p*rn*graphy site has paid its first bounty payout. But how much? US $20,000! Yes,  P*rnHub  has paid $20,000 bug bounty to a team of three researchers, who gained Remote Code Execution (RCE) capability on its servers using a zero-day vulnerability in PHP – the programming language that powers  P*rnHub 's website. The team of three researchers, Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide), discovered two use-after-free vulnerabilities ( CVE-2016-5771/CVE-2016-5773 ) in PHP's garbage collection algorithm when it interacts with other PHP objects. One of those is PHP's unserialize function on the website that handles data uploaded by users, like hot pictures, on multiple paths,

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

If you own a mobile version for your Wordpress website using the popular WPtouch plugin, then you may expose to a critical vulnerability that could potentially allow any non-administrative logged-in user to upload malicious PHP files or backdoors to the target server without any admin privileges. WordPress is a free and an open source blogging tool as well as a content management system (CMS) with 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs. That is why, it is easy to setup and used by more than 73 million of websites across the world, and about 5.7 million them uses WPtouch plugin, making it one of the most popular plugins in the WordPress plugin directory. WPtouch is a mobile plugin that automatically enables a user friendly and elegant mobile theme for rendering your WordPress website contents on the mobile devices. User can easily customize many aspects of its appearance by the adm