CSOonline

PHP backdoor attempt shows need for better code authenticity verification

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure. Unknown attackers managed to break ...
Bleeping Computer

Critical Flaw Fixed in Packagist, PHP's Largest Package Repository

The maintainers of Packagist, the PHP ecosystem's largest package repository, have fixed a critical vulnerability on their official website that could have allowed an attacker to hijack their service.
ZDNet

Mystery still surrounds hack of PHP PEAR website

Details remain foggy about a recent security breach at the PHP PEAR website, a crucial, but lesser-known part of the PHP ecosystem. PEAR, which stands for "PHP Extension and Application Repository," ...
GIGAZINE

It turns out that a hacker impersonated a PHP developer and put a backdoor in the source code

Nikita Popov, one of the developers of PHP, announced on March 28, 2021 that malicious source code had been inserted into PHP. In it, Popov said, 'Yesterday, under the names of Ladov and I, two ...
Bleeping Computer

Researcher hijacks popular Packagist PHP packages to get a job

A researcher hijacked over a dozen Packagist packages—with some having been installed hundreds of millions of times over the course of their lifetime. The researcher reached out to BleepingComputer ...
TheServerSide

4 ways to upload a JAR to a JFrog Artifactory repository

If you're a software developer with POM files at the root of your project, you know a thing or two about obtaining files from a Maven repository. It's easy to pull from Maven central or the in-house ...