Monday, March 29, 2021

PHP Backdoors - the official PHP Git repository suffers software supply chain attack

From "PHP's Git server hacked to add backdoors to PHP source code" (bleepingcomputer.com):

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with.

Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server.

The threat actors had signed off on these commits as if these were made by known PHP developers and maintainers, Rasmus Lerdorf and Nikita Popov.

Open source has serious trust issues.

