TEXXR

Chronicles

The story behind the story


The official PHP Git repository was hacked, adding a backdoor RCE to the PHP source code; PHP maintainer says the changes were reverted within a few hours

This commit does not belong to any branch on this repository …

Mark Sullivan / Fast Company: Hackers put a back door in a code library that powers 79% of websites

Tweets:

Sam Kottler / @samkottler: The PHP project is moving to GitHub after their Git infrastructure was exploited to push two malicious commits - https://news-web.php.net/...

@malwaretechblog: Hahahaha. My guess is someone compromised one of the php contributors, tries to sell the access to Zerodium, then got mad and did this when they wouldn't buy it. https://twitter.com/... https://twitter.com/...

John Regehr / @johnregehr: brazen attempt to insert backdoor with commit messages “Fix typo” 🤣 https://news-web.php.net/... https://twitter.com/...

@malwaretechblog: @pwnallthethings hmm yeah, according to the mailing list they think the server itself got owned https://news-web.php.net/...

Artem Russakovskii / @artemr: PHP's source code git repo was compromised over the weekend and added a backdoor RCE. https://news-web.php.net/... A good write-up on the hack https://www.wordfence.com/....

Hamid K / @hkashfi: Somebody was too bored and lazy to find an RCE in their target's PHP application within a day or two, so they went ahead and backdoored the PHP itself instead :> “sold to zerodium in 2017” ?! Nice prank. https://github.com/...

PHP Community / @phpc: Congrats to the internals team who moved quickly to revert these commits and mitigate the risk of future malicious commits to the official php-src repository! https://www.bleepingcomputer.com/ ...

@j0hnnyxm4s: I think the biggest issue with “supply chain attacks” is folks who think this vector doesn't apply to them because they don't work in manufacturing. https://www.bleepingcomputer.com/ ...

@spazef0rze: PHP source starts using GitHub as a main repository (previously a mirror only) after the zlib extension has been backdoored on Sunday, pointing to an internal git server (not GitHub) compromise. https://therecord.media/... by @campuscodi

Sean Kerner / @techjournalist: Considering how ....slooooowly.. many sites move to new versions as most stick with older versions of PHP (PHP 5.x is all over the place) / this isn't nearly as bad as it could have been https://twitter.com/...

Binni Shah / @binitamshah: Malicious commits made to PHP project on https://git.php.net/ to allow RCE, project moved to https://github.com/ : https://news-web.php.net/...

Lukasz Olejnik / @lukolejnik: Development servers of PHP compromised. PHP repository itself, too. “maintaining our own git infrastructure is an unnecessary security risk” https://news-web.php.net/... https://twitter.com/...

BleepingComputer