security: Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Microsoft describes a Linux-hosting intrusion technique where PHP webshells are triggered by specially crafted HTTP cookies. The post covers obfuscation, php-fpm execution, and cron-based persistence used to hide activity and maintain access.

• Source: Microsoft Security Blog