News

Bleeping Computer4y
PHP's Git server hacked to add backdoors to PHP source code - BleepingComputer
In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by ...
Ars Technica4y
Hackers backdoor PHP source code after breaching internal git server
Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice.
WeLiveSecurity4y
Backdoor added to PHP source code in Git server hack - WeLiveSecurity
Unknown attackers compromised the official PHP Git server and planted a backdoor in the source code of the programming language, potentially putting websites using the tainted code at risk of ...
Threat Post4y
PHP Infiltrated with Backdoor Malware - Threatpost
PHP is a widely used open-source scripting language often used for web development. It can be embedded into HTML. ... Both commits claimed to “fix a typo” in the source code.
Ars Technica1y
Nasty bug with very simple exploit hits PHP just in time for the weekend
CVE-2024-4577 affects PHP only when it runs in a mode known as CGI, in which a web server parses HTTP requests and passes them to a PHP script for processing. Even when PHP isn’t set to CGI mode ...
Bleeping Computer1y
PHP fixes critical RCE flaw impacting all versions for Windows - BleepingComputer
A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.