PHP Servers Hacked: Another Supply Chain Compromise
In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted “php-src” repository hosted on the git.ph.
PHP is thought to underpin almost 80% of websites, according to a study by Web Technology Surveys. This includes all WordPress sites, which are built on PHP.