Morning Overview on MSN

A critical Apache HTTP/2 flaw gives attackers a working proof-of-concept for remote code execution on millions of servers

A vulnerability in Apache HTTP Server’s HTTP/2 protocol handling now has working exploit code circulating among security ...
The Hacker News

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

MetInfo CMS flaw CVE-2026-29014 exploited after April 7 patch, enabling remote code execution and targeting 2,000 instances.
SecurityWeek

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs

Threat actors are exploiting critical vulnerabilities in MetInfo CMS and Weaver E-cology for unauthenticated, remote code ...
Bleeping Computer

Hackers use PHP exploit to backdoor Windows systems with new malware

Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability ...
ZDNet

PHP Everywhere code execution bugs impact thousands of WordPress websites

Critical remote code execution (RCE) vulnerabilities in a popular WordPress plugin have been made public. The RCE bugs impact PHP Everywhere, a utility for web developers to be able to use PHP code in ...
Ars Technica

Attackers target unpatched PHP bug allowing malicious code execution

Attackers are wasting no time targeting a critical bug in websites running the PHP scripting language. While the proportion of sites that are susceptible is small, the consequences of attack are high, ...