The PHP core Git repository was compromised, and a bad actor pushed two commits that introduced code injection from an HTTP header to the PHP source and impersonated Nikita Popov and Rasmus Lerdorf.

On the PHP internals mailing list, Nikita  said, "We don’t yet know how

exactly this happened, but everything points towards a compromise of the

git.php.net server (rather than a compromise of an individual git account)."

#news #php

PHP's Git Server Compromised and Malicious Code Pushed to The Source
1.10 GEEK