Downloader Malware Written in JPHP Interpreter

A newly discovered malware utilizes JPHP, a PHP interpreter running on Java Virtual Machine, to create a downloader. The malware is distributed in a ZIP file containing Java Runtime Environment and libraries, enabling execution without a separate Java environment. It communicates with a C2 server, disables Windows Defender's behavior monitoring, and uses Telegram for additional C2 connections. The malware can download and execute additional payloads, potentially including data breach-type malware like Strrat and Danabot. This case highlights how threat actors exploit lesser-known technologies like JPHP for malware distribution, emphasizing the importance of scrutinizing executable files and scripts from various sources.

Pulse ID: 68012d9425b7ccf942f5f065
Pulse Link: https://otx.alienvault.com/pulse/68012d9425b7ccf942f5f065
Pulse Author: AlienVault
Created: 2025-04-17 16:34:28

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Laravel 12.9 Introduces Memoized Cache Driver

https://nabilhassen.com/laravel-129-introduces-memoized-cache-driver

Discussions: https://discu.eu/q/https://nabilhassen.com/laravel-129-introduces-memoized-cache-driver

Medior PHP https://leanpub.com/b/mediorphp by Joseph Kanyo is the featured bundle of ebooks on the Leanpub homepage! https://leanpub.com #Php #Databases #Mysql #ComputerProgramming #Laravel #Symfony #Html #Refactoring #Apis #ApiDesign #books #ebooks

A #PHP meme idea was thought up today at @ddd by Rouven #DDD25

I just realized that I haven't updated the FOSS page on the main website for some time. Added short descriptions for a bunch of things that have been built and updated over the past year: Criteria (conditional logic in JSON), Penknife (a compact Blade-inspired template engine), Money (BCMath with rounding for financial calculations), and Colorspace (conversion between color models and more).

I've been busier than I thought!

More at https://www.abivia.com/foss

Hey #PHP. I'm looking for good fully framework-and-orm-agnostic fixture libraries. All I can find is Alice, which is loads-of-yaml and random data. I'm not looking for a DSL or random data. I do want useful defaults for data, however.

Are there any other options? Or is it "Alice or custom?"

Ready to take the #Symfony Certification Exam?

Join our #Certification Online Coaching :

15 weeks – 1.5 hours/week with a certified trainer
Daily tests on Symfony & #PHP
Full access to
@SymfonyCasts

Our Goal: Help you Nail the Exam

https://bit.ly/3Er12SU

Congratulations to @edorian and Daniel Scherzer, the “rookie” release managers for PHP 8.5!

https://news-web.php.net/php.internals/127131

PHP security check uncovers critical vulnerabilities

PHP security audit reveals 27 vulnerabilities. Quarkslab nevertheless rates PHP codebase as positive. Update strongly recommended.

https://www.heise.de/en/news/PHP-security-check-uncovers-critical-vulnerabilities-10356107.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Take a deep dive into the DOM manipulation and HTML parsing capabilities of PHP in a Keynote session at #DrupalDevDays by Niels Dossche.

Introducing StackLift — our Laravel auditing service that helps small teams modernize legacy apps.
Laravel upgrades
Composer & Livewire updates
PHP, Node, and NPM cleanups
Book before May 2 and get $197 off
https://kutt.it/uQpgWN
#Laravel #WebDev #StackLift #SmallBusiness #PHP

I am myself a Node.js guy, but I do know we have PHP girls.

This article will give you a perspective on PHP, for those of you that use PHP.

#coding #php #nodejs #programming #backend #javascript

https://medium.com/ideacoding-lab/php-performance-optimization-tips-for-developers-4b76e18ace76

New writeup: a vulnerability in PHP's extract() function allows attackers to trigger a double-free, which in turn allows arbitrary code execution (native code)

https://ssd-disclosure.com/ssd-advisory-extract-double-free5-x-use-after-free7-x-8-x/

Discussions: https://discu.eu/q/https://ssd-disclosure.com/ssd-advisory-extract-double-free5-x-use-after-free7-x-8-x/

PHP-Sicherheitsprüfung deckt kritische Schwachstellen auf

PHP-Sicherheitsprüfung enthüllt 27 Schwachstellen. Quarkslab bewertet PHP-Codebasis dennoch als positiv. Update dringend empfohlen.

https://www.heise.de/news/PHP-Sicherheitspruefung-deckt-kritische-Schwachstellen-auf-10354122.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Tables grow over the life of a project, but I like to keep the columns organized as if they were all created on day one. Laravel and MySQL let us do this, but in today's video I share a couple things to be aware of. #php #laravel https://masteringlaravel.io/daily/2025-04-17-video-something-to-know-before-reordering-columns-in-a-migration

Ready to take the #Symfony 7 Certification Exam?
Join our #Certification Online Coaching Course:

15 weeks – 1.5 hours/week with a certified trainer
Daily tests on Symfony & #PHP
Full access to @symfonycasts

Our Goal: Help you Nail the Exam
https://bit.ly/3Er12SU

Enforcing naming conventions and patterns from respected members of the PHP community leads to cleaner code. This is a fact and will always be true.
#PSR15 #mezzio #Laminas #PHP
https://www.dotkernel.com/design-pattern/naming-pattern-for-psr-15-handlers-in-dotkernel-applications/

Single Action Handlers in PHP Frameworks. #PHP #symfony
https://dev.to/ilyasdeckers/single-action-handlers-in-php-frameworks-3jai

Single Action Handlers in PHP Frameworks. #PHP #symfony

https://dev.to/ilyasdeckers/single-action-handlers-in-php-frameworks-3jai?utm_source=flipboard&utm_medium=activitypub

Posted into SYMFONY FOR THE DEVIL @symfony-for-the-devil-mobileatom