The Hacker News

A new critical security flaw in PHP exposes Windows servers to remote code execution. The vulnerability allows unauthenticated attackers to bypass previous protections and execute arbitrary code on remote PHP servers. A fix has been released in PHP versions 8.3.8, 8.2.20, and 8.1.29. Users are urged to apply the patches quickly.

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

PHP Dev

New critical security flaw in PHP allows remote code execution due to a CGI argument injection vulnerability. Impacting all versions of PHP on Windows. Secure alternatives to PHP CGI recommended.

Critical Security Flaw in PHP: CVE-2024-4577

InfoSec Write-ups

An attacker managed to exploit a vulnerability in GitLab, taking over accounts of a company that provides VoIP solutions, including government organizations, banks, and telecom providers. The post describes the reconnaissance process, the GitLab enumeration, the specific vulnerability (CVE-2023-7028), and the exploitation process. The attacker harvested email addresses of the company's employees to carry out the account takeover. Once inside, they gained access to all company projects and extracted API keys and credentials.

Real World GitLab Account Take Over

Explore cybersecurity vulnerabilities and threats, including common security weaknesses and attack vectors. Learn about vulnerability assessment techniques, penetration testing, and security best practices. Whether you're a cybersecurity professional, developer, or system administrator,  secure your systems and applications.

Best of Vulnerability — June 2024