Over the weekend, attackers uploaded two malware payloads to the PHP git server, one would have created a backdoor to PHP-enabled websites. Both were found and reverted…
Over the weekend, attackers uploaded two malware payloads to the PHP git server, one would have created a backdoor to PHP-enabled websites. Both were found and reverted before going into production. The two commits were pushed to the php-src repository on Sunday under the user names of PHP maintainers Nikita Popov (nikic) and Rasmus Lerdorf (rlerdorf). The descriptions said they were corrections to „fix typos.
