Chinese cybersecurity researchers have uncovered a PHP backdoor, Glutton, believed to be from persistent threat goup Winnti. The malware has been found in China, the US, Cambodia, Pakistan and South Africa, undetected for over a year. The modular code operates within PHP or PHP-FPM optimised process handling on web servers, eliminating digital footprints and avoiding detection. Glutton can be used to extract data or inject malicious code into frequently used PHP frameworks.
Top 10 Best Dynamic Application Security Testing (DAST) Platforms in 2025
Dynamic Application Security Testing (DAST) platforms have become fundamental for safeguarding web applications as digital assets and attack surfaces scale in both size and complexity.
