AttackFeed by Joe Wagner | Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers  - The Hacker News

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers  – The Hacker News

Posted on By [email protected] (The Hacker News)
Attack Feeds

Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team.
“Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution,  –

Read More  – The Hacker News 

You may also like

AttackFeed by Joe Wagner | ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT RAT  - The Hacker News
Attack Feeds
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT RAT  – The Hacker News
February 20, 2026
AttackFeed by Joe Wagner | Building Strategic Advantage With Integrated Planning  - Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Building Strategic Advantage With Integrated Planning  – Hackread – Cybersecurity News, Data Breaches, AI and More
May 6, 2026
AttackFeed by Joe Wagner | The long-awaited Trump cyber strategy has arrived  - CyberScoop
Attack Feeds
The long-awaited Trump cyber strategy has arrived  – CyberScoop
March 6, 2026
AttackFeed by Joe Wagner | Hackers Actively Exploit ‘Nginx Rift’ Vulnerability Affecting NGINX, F5 Products  - Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Hackers Actively Exploit ‘Nginx Rift’ Vulnerability Affecting NGINX, F5 Products  – Hackread – Cybersecurity News, Data Breaches, AI and More
May 19, 2026