Unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The changes were committed as “Fix Typo” in an attempt to slip through undetected as a typographical correction. It’s not immediately clear if the tampered codebase was downloaded and distributed by other parties before the changes were spotted and reversed. The development comes almost two months after researchers demonstrated a novel supply chain attack called “dependency confusion” that’s designed to execute unauthorized code inside a target’s software build system.
Source: https://thehackernews.com/2021/03/phps-git-server-hacked-to-insert-secret.html