Hackers impersonated two high-profile PHP developers to insert a backdoor into the runtime that powers most websites on the internet. The code commits were not subtle and were detected within hours when other developers reviewed them. Experts expect supply chain attacks against open-source projects, which are generally run by volunteers with limited resources, to grow in popularity among attackers. The PHP Group, the organization that maintains PHP, has decided to move development to GitHub because maintaining its own git infrastructure that used a home-grown karma system was “an unnecessary security risk.”