The official PHP Git repository was hacked and the code base tampered with yesterday. Two malicious commits were pushed to the PHP-src Git repository maintained by the PHP team on their git.php.net server. The changes were on the development branch for PHP 8.1, which is due to be released at the end of the year. PHP maintainers have decided to migrate the official PHP source code repository to GitHub as a precaution following this incident. PHP maintains that any code changes will be pushed directly to GitHub.
Source: https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/