PHP Packagist supply chain poisoned by hacker “looking for a job”

By Paul Ducklin — May 5^th 2023 at 16:59

I pwned you! Gizza job! You know it makes sense!

“Gucci Master” business email scammer Hushpuppi gets 11 years

By Naked Security writer — November 14^th 2022 at 19:24

Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...

puppi-car-1200

SHA-3 code execution bug patched in PHP – check your version!

By Paul Ducklin — November 1^st 2022 at 14:09

As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!

Poisoned Python and PHP packages purloin passwords for AWS access

By Paul Ducklin — May 24^th 2022 at 23:04

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Irony alert! PHP fixes security flaw in input validation code

By Paul Ducklin — February 18^th 2022 at 17:59

What's wrong with this sequence? 1. Step into the road 2. Check if it's safe 3. Keep on walki...