Bleeping Computer

PHP Deserialization Issue Left Unfixed in WordPress CMS

WordPress CMS installations are vulnerable to a PHP bug related to data deserialization (also known as unserialization), a security researcher has revealed at the start of the month. The bug has been ...
ZDNet

Deserialization issues also affect Ruby, not just Java, PHP, and .NET

The Ruby programming language is impacted by a similar "deserialization issue" that has affected and wreaked havoc in the Java ecosystem in 2016; an issue that later also proved to be a problem for ...
Ars Technica

Deserializing old PHP data with Ruby -- but PHP object had a .type property

I'm a total newbie with Ruby, but I thought I'd use it to try and reclaim the data from my ancient PHP based photo site. That site used PHP serialization to store data in the filesystem like this: ...
CSOonline

Reevaluate “low-risk” PHP unserialization vulnerabilities, researcher says

Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research, ...