Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice.

Due to the availability of public PoC code and the simplicity of exploiting this bug, website owners are advised to check server settings and update PHP as soon as possible if they run the ...

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

Hundreds of e-commerce sites hacked in supply-chain attack Attack that started in April and remains ongoing runs malicious code on visitors' devices.

Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution ...