Bleeping Computer

Elastix VoIP systems hacked in massive campaign to install PHP web shells

Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. Elastix is a server software for ...
ZDNet

Microsoft: Credit card skimmers are switching techniques to hide their attacks

Card-skimming malware is increasingly using malicious PHP script on web servers to manipulate payment pages in order to bypass browser defenses triggered by JavaScript code, according to Microsoft.
Threat Post

Magecart Goes Server-Side in Latest Tactics Changeup

The latest Magecart iteration is finding success with a new PHP web shell skimmer. Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September’s ...
Ars Technica

PHP: Executing shell command

So, it's clear that when I pass arguments, it freaks--but when I don't pass the arguments, it works. I'd think there was something wrong with my arguments, but since they work perfectly when not in a ...
Infosecurity-magazine.com

Nezha Tool Used in New Cyber Campaign Targeting Web Applications

A newly uncovered cyber campaign featuring the open-source tool Nezha has been observed targeting vulnerable web applications. Beginning in August 2025, Huntress analysts traced a sophisticated ...