Bleeping Computer

Elastix VoIP systems hacked in massive campaign to install PHP web shells

Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. Elastix is a server software for ...
Ars Technica

Passing multiple lines into a PHP shell_exec() command

I've got a PHP website that needs to call a java class in order to interface with another database. I need to be able to pass an argument into the java class that was ...
Ars Technica

Microsoft is seeing a big spike in Web shell use

Security personnel at Microsoft are seeing a big increase in the use of Web shells, the light-weight programs that hackers install so they can burrow further into compromised websites. The average ...
Bleeping Computer

Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux

Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers. The malware received the ...
Threat Post

Magecart Goes Server-Side in Latest Tactics Changeup

The latest Magecart iteration is finding success with a new PHP web shell skimmer. Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September’s ...
Infosecurity-magazine.com

Nezha Tool Used in New Cyber Campaign Targeting Web Applications

A newly uncovered cyber campaign featuring the open-source tool Nezha has been observed targeting vulnerable web applications. Beginning in August 2025, Huntress analysts traced a sophisticated ...