Date Author Title

PHP UPDATE

2013-01-17Russ McReePHP 5.4.11 and PHP 5.3.21 released
2010-02-27Guy BruneauPHP 5.2.13 Security Update

PHP

2024-11-06/a>Jesse La Grew[Guest Diary] Insights from August Web Traffic Surge
2024-03-29/a>Xavier MertensQuick Forensics Analysis of Apache logs
2023-09-23/a>Guy BruneauScanning for Laravel - a PHP Framework for Web Artisants
2022-09-07/a>Johannes UllrichPHP Deserialization Exploit attempt
2022-02-02/a>Johannes UllrichFinding elFinder: Who is looking for your files?
2021-11-30/a>Johannes UllrichHunting for PHPUnit Installed via Composer
2020-06-05/a>Remco VerhoefNot so FastCGI!
2019-07-18/a>Xavier MertensMalicious PHP Script Back on Stage?
2019-04-04/a>Xavier MertensNew Waves of Scans Detected by an Old Rule
2018-11-16/a>Xavier MertensBasic Obfuscation With Permissive Languages
2018-07-11/a>Remco VerhoefWell, Hello Again Peppa!
2018-07-02/a>Guy BruneauHello Peppa! - PHP Scans
2018-06-13/a>Xavier MertensA Bunch of Compromized Wordpress Sites
2018-05-06/a>Guy BruneauScans Attempting to use PowerShell to Download PHP Script
2017-09-14/a>Xavier MertensAnother webshell, another backdoor!
2017-08-07/a>Xavier MertensIncrease of phpMyAdmin scans
2017-02-28/a>Xavier MertensAnalysis of a Simple PHP Backdoor
2016-12-26/a>Russ McReeCritical security update: PHPMailer 5.2.20 (CVE-2016-10045)
2016-07-13/a>Xavier MertensDrupal: Patch released today to fix a highly critical RCE in contributed modules
2015-07-12/a>Guy BruneauPHP 5.x Security Updates
2014-09-19/a>Guy BruneauPHP Fixes Several Bugs in Version 5.4 and 5.5
2014-08-22/a>Richard PorterPHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16
2014-08-22/a>Richard PorterPHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32
2014-08-16/a>Lenny ZeltserWeb Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-04-04/a>Stephen HallPHP 5.4.27 released
2014-03-27/a>Alex StanfordMass XSSodus in PHP
2013-10-25/a>Johannes UllrichPHP.net compromise aftermath: Why Code Signing Beats Hashes
2013-10-24/a>Johannes UllrichFalse Positive: php.net Malware Alert
2013-09-19/a>Bojan ZdrnjaArrays in requests, PHP and DedeCMS
2013-08-11/a>Bojan ZdrnjaXATattacks (attacks on xat.com)
2013-08-04/a>Johannes UllrichBBCode tag "[php]" used to inject php code
2013-06-07/a>Daniel WesemannPHP patches - see http://www.php.net/ChangeLog-5.php - fixes CVE2013-2110
2013-02-22/a>Chris MohanPHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-01-17/a>Russ McReePHP 5.4.11 and PHP 5.3.21 released
2012-09-19/a>Russ McReeScript kiddie scavenging with Shellbot.S
2012-06-14/a>Johannes UllrichPHP 5.4.4 and 5.3.14 released with fixes for DES crypt issue and phar heap overflow
2012-05-08/a>Kevin ListonPHP 5.4.3 and PHP 5.3.13 Released
2012-04-05/a>Johannes UllrichEvil hides everywhere: Web Application Exploits in Headers
2012-03-07/a>Johannes UllrichWhat happened to RFI attacks?
2012-02-07/a>Johannes UllrichSecure E-Mail Access
2012-02-03/a>Guy BruneauPHP 5.3.10 Released, Fixes CVE-2012-0830 available for download http://www.php.net/archive/2012.php#id2012-02-02-1
2012-02-03/a>Johannes UllrichCritical PHP bug patched
2012-01-16/a>Kevin Shorttphp 5.3.9 released -Jan-10-2011
2012-01-12/a>Rob VandenBrinkPHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-08-22/a>Jim ClausingDO NOT upgrade to PHP 5.3.7, significant bug in crypt() function, see http://www.php.net/
2011-08-18/a>Rob VandenBrinkPHP 5.37 release. Some security updates, plus lots of bug fixes ==> http://www.php.net/archive/2011.php#id2011-08-18-1
2010-08-31/a>Bojan ZdrnjaInteresting PHP injection
2010-08-10/a>Daniel WesemannSSH - new brute force tool?
2010-07-04/a>Manuel Humberto Santander PelaezInteresting analysis of the PHP SplObjectStorage Vulnerability
2010-06-14/a>Manuel Humberto Santander PelaezAnother way to get protection for application-level attacks
2010-05-23/a>Manuel Humberto Santander Pelaeze-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-02-27/a>Guy BruneauPHP 5.2.13 Security Update
2010-01-29/a>Johannes UllrichAnalyzing isc.sans.org weblogs, part 2, RFI attacks
2009-12-28/a>Johannes Ullrich8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-11-20/a>Mark Hofman PHP 5.3.1 is released. With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes, some of which are security related.
2009-08-01/a>Deborah HaleWebsite Warnings
2009-06-26/a>Mark HofmanPHPMYADMIN scans
2009-06-24/a>Kyle HaugsnessExploit tools are publicly available for phpMyAdmin
2009-06-21/a>Scott FendleyphpMyAdmin Scans
2009-04-07/a>Johannes UllrichCommon Apache Misconception
2009-02-03/a>Swa FrantzenOn the importance of patching fast
2008-12-10/a>Stephen HallPHP Group has released PHP version 5.2.8
2008-09-09/a>Swa Frantzenwordpress upgrade
2008-08-19/a>Johannes UllrichA morning stroll through my web logs
2008-05-05/a>John BambenekPHP 5.2.6 out w/ security updates
2006-12-24/a>Swa FrantzenphpBB 2.0.22 - upgrade time
2006-11-29/a>Toby KohlenbergNew Vulnerability Announcement and patches from Apple
2006-09-13/a>Swa FrantzenPHP - shared hosters, take note.

UPDATE

2023-04-22/a>Didier StevensYARA v4.3.1 Release
2023-04-02/a>Didier StevensYARA v4.3.0 Release
2023-01-07/a>Didier StevensYARA v4.3.0-rc1 --skip-larger
2022-12-05/a>Didier StevensVLC's Check For Updates: No Updates?
2022-08-20/a>Didier StevensYARA 4.2.3 Released
2022-07-02/a>Didier StevensYARA 4.2.2 Released
2022-04-30/a>Didier StevensYARA 4.2.1 Released
2022-03-14/a>Johannes UllrichApple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
2021-11-29/a>Didier StevensWireshark 3.6.0 Released
2021-10-31/a>Didier StevensSysinternals: Autoruns and Sysmon updates
2021-10-28/a>Yee Ching TokMultiple Apple Patches for October 2021
2021-10-10/a>Didier StevensWireshark 3.4.9 Released
2021-08-21/a>Didier StevensNew Versions Of Sysinternals Tools
2021-07-25/a>Didier StevensWireshark 3.4.7 Released
2021-04-25/a>Didier StevensWireshark 3.4.5 Released
2021-03-14/a>Didier StevensWireshark 3.4.4 Released
2021-02-06/a>Didier StevensYARA v4.0.5
2021-01-31/a>Didier StevensYARA v4.0.4
2020-12-20/a>Didier StevensWireshark 3.4.2 Released
2020-12-13/a>Didier StevensWireshark 3.4.1 Released
2020-09-27/a>Didier StevensWireshark 3.2.7 Released
2020-08-15/a>Didier StevensWireshark 3.2.6 Released
2020-05-24/a>Didier StevensWireshark 3.2.4 Released
2020-04-11/a>Didier StevensWireshark 3.2.3 Released: Mac Users Pay Attention Please
2020-03-14/a>Didier StevensPhishing PDF With Incremental Updates.
2020-03-07/a>Didier StevensWireshark 3.2.2 Released: Windows' Users Pay Attention Please
2020-02-05/a>Brad DuncanFake browser update pages are "still a thing"
2020-02-01/a>Didier StevensWireshark 3.2.1 Released
2019-12-21/a>Didier StevensWireshark 3.2.0 Released
2019-12-08/a>Didier StevensWireshark 3.0.7 Released
2019-10-27/a>Didier StevensWireshark 3.0.6 Released
2019-09-21/a>Didier StevensWireshark 3.0.5 Release: Potential Windows Crash when Updating
2019-07-09/a>John BambenekMSFT July 2019 Patch Tuesday
2017-07-30/a>Guy BruneauRe-release of MS Oulook Security Patches https://portal.msrc.microsoft.com/en-us/security-guidance/summary
2016-09-13/a>Rob VandenBrinkApple iOS 10 and 10.0.1 Released
2016-02-27/a>Guy BruneauOpenSSL Security Update Planned for 1 March Release
2015-10-09/a>Guy BruneauAdobe Acrobat and Reader Pre-Announcement
2015-04-04/a>Didier StevensVMware Product Updates Address Critical Information Disclosure Issue In JRE
2014-08-22/a>Richard PorterPHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32
2014-08-22/a>Richard PorterPHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16
2014-08-12/a>Adrien de BeaupreAdobe updates for 2014/08
2014-08-01/a>Chris MohanWireShark 1.10.9 and 1.12.0 has been released
2014-07-11/a>Rob VandenBrinkMetasploit Update Alert
2014-06-12/a>Guy BruneauBIND Security Update for CVE-2014-3859
2014-04-24/a>Rob VandenBrinkApple IOS updates to 7.1.1, OSX Security update 2014-002, Airport Updates - http://support.apple.com/kb/HT1222, http://support.apple.com/kb/HT6208, http://support.apple.com/kb/HT6207, http://support.apple.com/kb/HT6203
2014-04-12/a>Guy BruneauCritical Security Update for JetPack WordPress Plugin. Bug has existed since Jetpack 1.9, released in October 2012. - http://jetpack.me/2014/04/10/jetpack-security-update/
2014-04-02/a>Kevin ShorttApple Security Update for Safari 6.1.3/7.0.3: http://support.apple.com/kb/HT6181
2014-03-06/a>Mark BaggettPort 5000 traffic and snort signature
2014-02-14/a>Chris MohanSYM14-004 Symantec Endpoint Protection Management Vulnerabilities - http://www.symantec.com/business/support/index?page=content&id=TECH214866
2013-12-18/a>Adrien de BeaupreWireshark 1.10.4 and 1.8.12 are available
2013-12-17/a>Adrien de BeaupreApple security updates Mac OS X and Safari
2013-10-17/a>Adrien de BeaupreChrome updated http://googlechromereleases.blogspot.ca/2013/10/stable-channel-update_15.html
2013-10-15/a>Rob VandenBrinkJava Quarterly Updates
2013-07-28/a>Guy BruneauWireshark 1.8.9 and 1.10.1 Security Update
2013-07-03/a>Kevin ShorttApple Security Update 2013-003
2013-06-05/a>Richard PorterWindows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx
2013-05-22/a>Adrien de BeaupreApple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222
2013-05-22/a>Adrien de BeaupreChrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame
2013-04-19/a>Russ McReeJava 8 release schedule delayed for renewed focus on security
2013-04-03/a>Mark HofmanFirefox 20 and Thunderbird 17.0.5 updates
2013-03-07/a>Guy BruneauWireshark Security Updates
2013-02-27/a>Adam SwangerAdobe Flash Player Security Update - http://www.adobe.com/support/security/bulletins/apsb13-08.html
2013-02-22/a>Chris MohanPHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-02-22/a>Chris MohanChrome 25.0.1364.87 addresses multiple vulnerabilities http://googlechromereleases.blogspot.com.au/2013/02/stable-channel-update_21.html
2013-02-12/a>Adam SwangerMicrosoft February 2013 Black Tuesday Update - Overview
2013-02-01/a>Jim ClausingOracle quitely releases Java 7u13 early
2013-01-17/a>Russ McReePHP 5.4.11 and PHP 5.3.21 released
2013-01-09/a>Rob VandenBrinkSQL Injection Flaw in Ruby on Rails
2013-01-09/a>Rob VandenBrinkFirefox and Thunderbird Updates
2013-01-09/a>Rob VandenBrinkSecurity Updates for Adobe Flash - http://www.adobe.com/support/security/bulletins/apsb13-01.html
2013-01-09/a>Johannes UllrichNew Format for Monthly Threat Update
2013-01-08/a>Richard PorterFirefox 18 Released, Security Fixes http://www.mozilla.org/security/known-vulnerabilities/firefox.html
2012-12-11/a>John BambenekMicrosoft December 2012 Black Tuesday Update - Overview
2012-11-13/a>Jim ClausingMicrosoft November 2012 Black Tuesday Update - Overview
2012-10-28/a>Tony CarothersFirefox 16.02 Released
2012-09-21/a>Guy BruneauUpdate for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)
2012-09-20/a>Russ McReeApple and Cisco Security Advisories 19 SEP 2012
2012-08-22/a>Adrien de BeaupreApple Remote Desktop update fixes no encryption issue
2012-08-21/a>Adrien de BeaupreYYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-15/a>Guy BruneauWireshark Security Update
2012-08-02/a>Guy BruneauOpera Security Update
2012-07-18/a>Rob VandenBrinkSnort Updated today
2012-06-25/a>Guy BruneauIssues with Windows Update Agent
2012-06-20/a>Raul SilesFirefox 13.0.1 Update
2012-06-06/a>Jim ClausingFirefox, Thunderbird, and Seamonkey Security Updates
2012-05-04/a>Guy BruneauAdobe Security Flash Update
2012-03-06/a>Mark HofmanWebsense posted a small article relating to mass injection into wordpress sites (thanks Chris) More info Here --> http://community.websense.com/blogs/securitylabs/archive/2012/03/05/mass-injection-of-wordpress-sites.aspx
2012-02-04/a>Scott FendleyApple Security Advisory 2012-001 v1.1
2011-11-02/a>Russ McReeWireshark updates: 1.6.3 and 1.4.10 released
2011-10-22/a>Guy BruneauOracle Java SE Critical Patch Update
2011-10-01/a>Mark HofmanHot on the heels fo FF, Thunderbird v 7.0.1 and SeaMonkey v 2.4.1 have been updated.
2011-09-18/a>Guy BruneauGoogle Chrome Security Updates
2011-09-06/a>Guy BruneauFirefox 6.0.2 released to removed trust to DigiNotar certificate authority http://www.mozilla.org/en-US/firefox/6.0.2/releasenotes/
2011-09-05/a>Raul SilesJava 7 Officially Released
2011-07-15/a>Deborah HaleApple Software Updates
2011-06-28/a>Johannes UllrichUpdate: Thunderbird 5.0 released. https://www.mozilla.org/en-US/thunderbird/
2011-06-23/a>Jim ClausingApple Security Updates 2011-004
2011-06-09/a>Richard PorterChrome Version 12.0.742.91 Released
2011-06-01/a>Adrien de BeaupreWireshark 1.4.7 and 1.2.17 Released - http://www.wireshark.org/news/20110531.html
2011-05-20/a>Guy BruneauSysinternals Updates, Analyzing Stuxnet Infection with Sysinternals Tools Part 3
2011-05-16/a>Jason LamFirefox 3.5 forced upgrade coming soon
2011-05-04/a>Richard PorterMicrosoft Sysinterals Update
2011-05-01/a>Deborah HaleJava 6.25 Is Now Available
2011-04-14/a>Adrien de BeaupreSysinternals updates, a new blog post, and webcast
2011-03-21/a>Kevin ShorttAPPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001
2011-03-09/a>Chris MohanPossible Issue with Forefront Update KB2508823
2011-03-02/a>Chris MohanMicrosoft’s Autorun update v2.1 now automatically deployed from Windows Update
2011-02-21/a>Adrien de BeaupreKaspersky update servers unreachable
2011-01-27/a>Chris CarboniOpera Updates
2010-12-03/a>Mark HofmanAVG Update Bricking windows 7 64 bit
2010-11-30/a>Joel EslerVMWare Security Advisory
2010-11-16/a>Guy BruneauMac OS X Server v10.6.5 (10H575) Security Update: http://support.apple.com/kb/HT4452
2010-08-25/a>Pedro BuenoAdobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-08-19/a>Rob VandenBrinkDon points us to multiple Adobe updates (Reader and Acrobat 9.3.4 among them) ==> http://www.adobe.com/support/downloads/new.jsp
2010-08-10/a>Jason LamAdobe critical security updates
2010-08-10/a>Daniel WesemannNew Apple security updates for iPad/Pod/Phone. See http://support.apple.com/kb/ht1222
2010-07-21/a>Adrien de BeaupreUpdate on .LNK vulnerability
2010-06-29/a>donald smithAdobe Reader 9.3.3/8.2.3 addressing CVE-2010-1297
2010-05-12/a>Rob VandenBrinkAdobe Shockwave Update
2010-04-13/a>Adrien de BeaupreSecurity update available for Adobe Reader and Acrobat
2010-04-02/a>Guy BruneauFoxit Reader Security Update
2010-03-29/a>Adrien de BeaupreAPPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
2010-03-29/a>Adrien de BeaupreOOB Update for Internet Explorer MS10-018
2010-03-22/a>Guy BruneauNew Opera 10.51 available with security fixes. More information available at: http://www.opera.com/docs/changelogs/windows/1051/
2010-03-12/a>Mark HofmanFirefox 3.6 is being pushed out to users. http://www.mozilla.com/en-US/firefox/3.6/releasenotes/
2010-03-11/a>Mark HofmanA new version of Safari is out. Looks like for Mac and Windows. Plenty of security fixes (mostly for Windows Safari users http://support.apple.com/kb/HT4070 )
2010-03-10/a>Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-03-08/a>Raul SilesMicrosoft announced two important bulletins (fixing multiple vulns. affecting Windows and Office) for tomorrow: http://www.microsoft.com/technet/security/Bulletin/MS10-mar.mspx
2010-03-01/a>Mark HofmanMicrosoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-27/a>Guy BruneauPHP 5.2.13 Security Update
2010-02-11/a>Deborah HaleThe Mysterious Blue Screen
2010-01-06/a>Guy BruneauFirefox security and stability update for version 3.5.7 and 3.0.17 available for download
2009-12-16/a>Rob VandenBrinkSeamonkey Update to 2.0.1, find the release notes here ==> http://www.seamonkey-project.org/releases/seamonkey2.0.1
2009-12-03/a>Mark HofmanApple released some Java updates today APPLE-SA-2009-12-03-1 & 2 (for 10.5 and 10.6). Fixes a number of security issues so updating is a good idea.
2009-12-02/a>Rob VandenBrinkMicrosoft Black Screen of Death - Fact of Fiction?
2009-11-25/a>Jim ClausingTool updates
2009-11-25/a>Jim ClausingMicrosoft Updates requiring reboot
2009-11-11/a>Rob VandenBrinkApple Safari 4.0.4 Released
2009-11-09/a>Guy BruneauApple Security Update 2009-006 for Mac OS X v10.6.2
2009-11-06/a>Mark HofmanA new version of Firefox (3.5.5) just became available. According to the release notes they are stability improvements.
2009-10-22/a>Adrien de BeaupreSysinternals updates: Disk2vhd v1.1, ZoomIt v4.1, Coreinfo v2.0, VMMap v2.4
2009-09-24/a>Jim ClausingA couple more tools
2009-09-04/a>Adrien de BeaupreSeaMonkey Security Update
2009-08-05/a>donald smithSecurity Update 2009-003 / Mac OS X v10.5.8
2009-08-04/a>donald smithJava Security Update
2009-07-18/a>Patrick NolanChrome update contains Security fixes
2009-06-10/a>Swa FrantzenJava 6 update 14 released
2009-06-02/a>Deborah HaleAnother Quicktime Update
2009-05-26/a>Jason LamVista & Win2K8 SP2 available
2009-02-10/a>Swa FrantzenJava up to date ?
2008-11-29/a>Pedro BuenoUbuntu users: Time to update!
2008-11-13/a>Jim ClausingSome recently updated tools
2008-10-10/a>Marcus SachsFake Microsoft Update Email
2008-09-10/a>Adrien de BeaupreApple updates iPod Touch + Bonjour for Windows
2008-07-11/a>Jim ClausingUpdates to some of our favorite tools
2008-04-20/a>Joel EslerSoftware Update -- Did Apple Do Enough?
2008-03-20/a>Joel EslerAPPLE-SA-2008-03-19 AirPort Extreme Base Station Firmware 7.3.1
2008-03-20/a>Joel EslerPotential Vulnerability in Flash CS3 Professional, Flash Professional 8 and Flash Basic 8?