A cartoon door leads to a wall of computer code.

Enlarge (credit: BeeBright / Getty Images / iStockphoto)

here and here gave the code the code-injection capability to visitors who had the word “zerodium” in an HTTP header.

PHP.net hacked, code backdoored

The commits were made to the php-src repo under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov. “We don’t yet know how exactly this happened, but everything points toward a compromise of the git.php.net server (rather than a compromise of an individual git account),” Popov wrote in a notice published on Sunday night.

Read 12 remaining paragraphs | Comments

Similar Posts