The Hacker News says attackers are controlling PHP web shells using HTTP cookies so the malware stays inactive unless specific cookie values are sent, blending into normal traffic.
Attackers are using HTTP cookies to control PHP web shells on Linux servers.
Malware stays inactive and runs only when specific cookie values are sent, blending into normal traffic.
Microsoft Threat Intelligence shows cookie-controlled PHP web shells enable dormand activation and persistent RCE on Linux hosting via cookie-gated execution, layered obfuscation, cron persistence, and web server-spawned payloads.
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.
← Back to Cyber Security