News

Bleeping Computer4y
PHP's Git server hacked to add backdoors to PHP source code - BleepingComputer
In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by ...
Ars Technica4y
Hackers backdoor PHP source code after breaching internal git server
Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice.
WeLiveSecurity4y
Backdoor added to PHP source code in Git server hack - WeLiveSecurity
Unknown attackers compromised the official PHP Git server and planted a backdoor in the source code of the programming language, potentially putting websites using the tainted code at risk of ...
Threat Post4y
PHP Infiltrated with Backdoor Malware - Threatpost
PHP is a widely used open-source scripting language often used for web development. It can be embedded into HTML. ... Both commits claimed to “fix a typo” in the source code.
ZDNet3y
FBI: Hackers used malicious PHP code to grab credit card data
The Federal Bureau of Investigations (FBI) is warning that someone is scraping credit card data from the checkout pages of US businesses' websites. "As of January 2022, unidentified cyber actors ...
Ars Technica1y
Nasty bug with very simple exploit hits PHP just in time for the weekend
CVE-2024-4577 affects PHP only when it runs in a mode known as CGI, in which a web server parses HTTP requests and passes them to a PHP script for processing. Even when PHP isn’t set to CGI mode ...
Bleeping Computer1y
PHP fixes critical RCE flaw impacting all versions for Windows - BleepingComputer
A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.