In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository ...

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

Hackers backdoor PHP source code after breaching internal git server Code gave code-execution powers to anyone who knew the secret password: "zerodium." ...

Unknown attackers compromised the official PHP Git server and planted a backdoor in the source code of the programming language.

A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.