News
Hackers backdoor PHP source code after breaching internal git server Code gave code-execution powers to anyone who knew the secret password: "zerodium." ...
The commits were pushed to the php-src repository, thus offering attackers a supply-chain opportunity to infect websites that pick up the malicious code believing it to be legit.
Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.
But, that is hardly surprising as with source code version control systems like Git, it is possible to sign-off a commit as coming from anybody else [1, 2] locally and then upload the spoofed ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback