If a PHP release had actually shipped with this code intact, the damage would be astounding, as this would be a simple-to-use backdoor in every web service using PHP.

But here’s the frustrating part—sometimes when you try to update PHP, your site crashes, and you’re left scrambling to figure out which plugin or theme caused the problem.

Nasty bug with very simple exploit hits PHP just in time for the weekend With PoC code available and active Internet scans, speed is of the essence.

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.