This data is modified in such a way to force the TCPDF library to call the PHP server's "phar://" stream wrapper, and later abuse the PHP deserialization process to run code on the underlying server.

However, newer versions emerged starting May 15th into this week and contained malicious code: Python's ctx library and a fork of PHP's phpass have been compromised. 3 million users combined.

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository ...