Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

The packages weaponized a proof-of-concept (PoC) code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects.

Code hosting website GitHub announced today plans to add support for a Dependency Graph for Composer-based PHP projects.

The team behind scripting language PHP has announced PHP version 8.0, a major release that may require developers to review code for any breaking changes.

A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.

PHP.net hacked, code backdoored The commits were made to the php-src repo under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov.