The official PHP Git repository was hacked and an RCE backdoor was added to the PHP source code; a PHP maintainer says the changes were reverted within a few hours
Mark Sullivan / Fast Company: Hackers put a back door in a code library that powers 79% of websites

Tweets:

Sam Kottler / @samkottler: The PHP project is moving to GitHub after their Git infrastructure was exploited to push two malicious commits - https://news-web.php.net/...

@malwaretechblog: Hahahaha. My guess is someone compromised one of the php contributors, tried to sell the access to Zerodium, then got mad and did this when they wouldn't buy it. https://twitter.com/... https://twitter.com/...

John Regehr / @johnregehr: brazen attempt to insert backdoor with commit messages “Fix typo” 🤣 https://news-web.php.net/... https://twitter.com/...

@malwaretechblog: @pwnallthethings hmm yeah, according to the mailing list they think the server itself got owned https://news-web.php.net/...

Artem Russakovskii / @artemr: PHP's source code git repo was compromised over the weekend and added a backdoor RCE. https://news-web.php.net/... A good write-up on the hack https://www.wordfence.com/....

Hamid K / @hkashfi: Somebody was too bored and lazy to find an RCE in their target's PHP application within a day or two, so they went ahead and backdoored the PHP itself instead :> “sold to zerodium in 2017” ?! Nice prank. https://github.com/...

PHP Community / @phpc: Congrats to the internals team who moved quickly to revert these commits and mitigate the risk of future malicious commits to the official php-src repository! https://www.bleepingcomputer.com/ ...

@j0hnnyxm4s: I think the biggest issue with “supply chain attacks” is folks who think this vector doesn't apply to them because they don't work in manufacturing. https://www.bleepingcomputer.com/ ...

@spazef0rze: PHP source starts using GitHub as a main repository (previously a mirror only) after the zlib extension has been backdoored on Sunday, pointing to an internal git server (not GitHub) compromise. https://therecord.media/... by @campuscodi

Sean Kerner / @techjournalist: Considering how ....slooooowly.. many sites move to new versions as most stick with older versions of PHP (PHP 5.x is all over the place) / this isn't nearly as bad as it could have been https://twitter.com/...

Binni Shah / @binitamshah: Malicious commits made to PHP project on https://git.php.net/ to allow RCE, project moved to https://github.com/ : https://news-web.php.net/...

Lukasz Olejnik / @lukolejnik: Development servers of PHP compromised. PHP repository itself, too. “maintaining our own git infrastructure is an unnecessary security risk” https://news-web.php.net/... https://twitter.com/...