Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Laravel APP_KEY Leaks Lead to RCE: GitGuardian + Synacktiv Reveal Massive Threat

Aug 19, 2025 By GitGuardian In GitGuardian
In this video, cybersecurity researcher Guillaume Valadon of GitGuardian breaks down how exposed Laravel APP_KEYs on GitHub can lead to full Remote Code Execution (RCE) in real-world applications. Working in collaboration with Synacktiv, the team uncovered 260,000 exposed keys, validated 600+ vulnerable apps, and revealed that over 35% of leaks also exposed critical credentials like database passwords, cloud storage tokens, and API keys.
View Video

User Logins for in-house PHP Apps and Sites with Connectors

Feb 25, 2025 By miniOrange In miniOrange
miniOrange connectors improve your PHP apps' and sites’ security by implementing SSO, MFA, and user synchronization. With a wide range of protocol support like SAML, LDAP, and OAuth, miniOrange connectors will improve your security, effectiveness, and efficiency in your workflow. Securing PHP applications and websites is made easier with miniOrange connectors. Timestamps: miniOrange, a trusted name in identity and access management, empowers organizations worldwide with robust, scalable, and secure solutions.
View Video
ionix

Understanding CVE-2024-50340 - Remote Access to Symfony Profiler

Nov 12, 2024 By Nethanel Gelernter In IONIX
According to security researcher nol_tech CVE-2024–50340 is a critical vulnerability (CVSS: 7.3) affecting Symfony applications when the PHP directive register_argc_argv is enabled. By appending ?+--env=dev to a URL, attackers can force the application into the dev environment, granting remote access to the Symfony profiler. This exposure can lead to the leaking of sensitive information and potentially executing arbitrary code.
Read Post
ioncube24

New Release: ionCube Encoder 14 with PHP 8.3 support

Oct 15, 2024 By Ben In ionCube24
Earlier this year we rolled out support for PHP 8.3 where PHP 8.2 encoded files can now run on PHP 8.3 with our unique Loader compatibility. We’re pleased to announce that our next major release, ionCube Encoder 14, is now available with full support for encoding PHP 8.3 syntax. ionCube Encoder continues to offer the best in PHP protection with advanced encoding tools so you can be sure that your PHP code is protected against theft and copy.
Read Post
Snyk

What you should know about PHP code security

Sep 4, 2024 By Liran Tal In Snyk
When it comes to web development, PHP is a widely used scripting language. With its popularity, it is crucial to understand the potential security risks associated with PHP and the measures to mitigate them. Whether you deploy CMS applications using WordPress or build enterprise applications with the Laravel PHP framework, the importance of PHP security and the business impact of some notable PHP interpreter vulnerabilities are crucial for developers to get right.
Read Post
indusface

CVE-2024-4577 - A PHP CGI Argument Injection Vulnerability in Windows Servers

Jun 10, 2024 By Vivek Chanchal In Indusface
On June 7, 2024, a new critical PHP vulnerability CVE-2024-4577 was revealed, mainly impacting XAMPP on Windows. It happens when PHP runs in CGI mode with specific language settings, like Chinese or Japanese. The problem comes from how PHP handles certain characters, allowing attackers to inject code through web requests and take control of servers. This vulnerability, if exploited, could lead to the execution of arbitrary code, a scenario with severe consequences for system integrity and data security.
Read Post
Snyk

Getting started with PHP static analysis in 2024

Mar 21, 2024 By Liran Tal In Snyk
PHP is a popular server-side scripting language that is widely used for web development. PHP developers can ship and deploy more high-quality software products by leveraging static analysis tools that help mitigate PHP code errors, security vulnerabilities, and other issues that can impact the quality and security of the application if not addressed early in the development cycle.
Read Post
Snyk

Best practices for building a production-ready Dockerfile for PHP applications

Aug 22, 2023 By James Walker In Snyk

Docker is a containerization platform for bundling your code, dependencies, and runtime environment into self-contained units that run identically in different environments. Dockerizing a PHP application simplifies deployment by packaging the PHP runtime, a web server, and your source code and composer dependencies into a container. Getting started with Docker is easy. However, there are a few pitfalls you need to avoid before you can safely use it in production.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.