PHP s Git server hacked to add backdoors to PHP source code
By
Yesterday, two malicious commits were pushed to the
php-src Git repository maintained by the PHP team on their
git.php.net server.
The threat actors had signed off on these commits as if these were made by known PHP developers and maintainers, Rasmus Lerdorf and Nikita Popov.
RCE backdoor planted on PHP Git server
In an attempt to compromise the PHP code base, two malicious commits were pushed to the official PHP Git repository yesterday.
The incident is alarming considering PHP remains the server-side programming language to power over 79% of the websites on the Internet.