Backdoor Added — But Found — in PHP

2021-04-09 13:54

Unknown hackers attempted to add a backdoor to the PHP source code.

It was two malicious commits, with the subject "Fix typo" and the names of known PHP developers and maintainers.

They were discovered and removed before being pushed out to any users.

Since 79% of the Internet's websites use PHP, it's scary.

Developers have moved PHP to GitHub, which has better authentication.

Hopefully it will be enough - PHP is a juicy target.

News URL

https://www.schneier.com/blog/archives/2021/04/backdoor-added-but-found-in-php.html

#backdoor #PHP

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
PHP		9	1	43	113	123	280