In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by ...

Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice.

The PHP project on Sunday announced that attackers were able to gain access to its main Git server, ... Both commits claimed to “fix a typo” in the source code.

Unknown attackers compromised the official PHP Git server and planted a backdoor in the source code of the programming language, potentially putting websites using the tainted code at risk of ...

Sysdig exposed how a trusted GitHub feature can silently hand control to attackers pull_request_target isn’t just risky, it’s ...

We just received a tip that the source code for the Facebook main index page has been leaked and published on a blog called Facebook Secrets.There are at least two possible ways that the source ...

The bigger problem will be the projects that are in limbo. A common feature of all open source project platforms—SourceForge, GitHub, Bitbucket, Microsoft's CodePlex, Google Code, and every ...

The projects themselves all appear to be related to web-based infrastructure, websites or mobile apps and at this time, it seems that Lapsus$ did not steal any source code for Microsoft's desktop ...