In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by ...

Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice.

The PHP project on Sunday announced that attackers were able to gain access to its main Git server, ... Both commits claimed to “fix a typo” in the source code.

Unknown attackers compromised the official PHP Git server and planted a backdoor in the source code of the programming language, potentially putting websites using the tainted code at risk of ...

Sysdig exposed how a trusted GitHub feature can silently hand control to attackers pull_request_target isn’t just risky, it’s ...

A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.

“Xs:code is a monetization platform for open-source projects. Unlike donation platforms which are pretty popular today, xs:code allows open-source developers to provide added value in exchange ...

The projects themselves all appear to be related to web-based infrastructure, websites or mobile apps and at this time, it seems that Lapsus$ did not steal any source code for Microsoft's desktop ...