The official PHP Git server has been negotiated in a possible attempt to plant malware into the codebase of the PHP project.
Recently, Nikita Popov, PHP programming language developer, and maintainer said in a statement that two malicious commits were appended to the PHP-src repository in his name as well as that of PHP inventor Rasmus Lerdorf.
However, rather than avoiding detection by appearing very benign, contributors who carefully looked at the ‘Fix typo’ commits remarked malicious code that prompted arbitrary code within the user-agent HTTP header if a string started with content related to Zerodium.
To Read More: ZDNet