Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository ...

Open-source projects which are self-hosting their code repositories may be at increased risk of this type of supply-chain attack and must have robust processes in place to detect and reject ...

PHP support had been a long time coming, since PHP has been a popular programming language for GitHub hosted projects for years, ranking third and fourth in recent years.

Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice.