> TritonInfoSec News
Home / Apr 04, 2026 / Story
0
#8 The Hacker News general April 03, 2026 at 15:32 UTC

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

By [email protected] (The Hacker News)

AI Summary

Microsoft discovered threat actors using HTTP cookies as control channels for PHP web shells on Linux servers to achieve remote code execution. The attackers use cookie values to gate execution rather than URL parameters, persisting through cron jobs for stealthier command and control.

Read full article → https://thehackernews.com/2026/04/microsoft-detail…

Relevance score: 78.0/100

# More from April 04

  1. 1
    LinkedIn secretely scans for 6,000+ Chrome extensions, collects data BleepingComputer
  2. 2
    CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers The Record
  3. 3
    North Korean Hackers Drain $285 Million From Drift in 10 Seconds SecurityWeek
  4. 4
    EU cyber agency attributes major data breach to TeamPCP hacking group The Record
  5. 5
    UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack The Hacker News
  6. 6
    Critical ShareFile Flaws Lead to Unauthenticated RCE SecurityWeek
  7. 7
    China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing The Hacker News
  8. 9
    Hims & Hers warns of data breach after Zendesk support ticket breach BleepingComputer
  9. 10
    Die Linke German political party confirms data stolen by Qilin ransomware BleepingComputer