PHP support had been a long time coming, since PHP has been a popular programming language for GitHub hosted projects for years, ranking third and fourth in recent years.

Essentially the code was a backdoor that would have allowed an attacker to execute arbitrary code on any web server running this Trojanized version of PHP by simply sending requests to it with a ...

The PHP project kicked off in 1995 and would eventually become a server-side scripting language and general-purpose programming language used by tech giants like Facebook, Yahoo, and Etsy.

The commits were pushed to the php-src repository, thus offering attackers a supply-chain opportunity to infect websites that pick up the malicious code believing it to be legit.

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository ...

A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.

PHP.net hacked, code backdoored The commits were made to the php-src repo under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov.