Security researchers have found a new set of vulnerabilities that impact hundreds of millions of servers, smart devices, and industrial equipment. Called NAME:WRECK, the vulnerabilities have been discovered by enterprise IoT security firm Forescout as part of its internal research program named Project Memoria — which the company describes as “an initiative that aims at providing the cybersecurity community with the largest study on the security of TCP/IP stacks.”
Hackers have compromised at least one update server of German smartphone maker Gigaset and deployed malware to some of the company’s customers.
Hackers have breached the internal Git repository of the PHP programming language and have added a backdoor to the PHP source code in an attack that took place over the weekend, on Sunday, March 28. If the malicious code had made it into production, the code would have allowed threat actors to execute their own malicious PHP commands on victims’ servers.