The PHP project announced that attackers were able to gain access to its main Git server, uploading two malicious commits, including a backdoor. The commits were pushed to the PHP-src repository, thus offering attackers a supply-chain opportunity to infect websites that pick up the malicious code believing it to be legit. PHP is moving its servers to GitHub, making them canonical, and is reviewing all of its repositories for any corruption beyond the two commits that were found. In March, researchers spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow.
Source: https://threatpost.com/php-infiltrated-backdoor-malware/165061/