Code hosting website GitHub announced today plans to add support for a Dependency Graph for Composer-based PHP projects.

Essentially the code was a backdoor that would have allowed an attacker to execute arbitrary code on any web server running this Trojanized version of PHP by simply sending requests to it with a ...

The packages weaponized a proof-of-concept (PoC) code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects.

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository ...