May 05, 2023 PHP Packagist supply chain poisoned by hacker “looking for a job” I pwned you! Gizza job! You know it makes sense! Naked Security
April 30, 2021 PHP community sidesteps its third supply chain attack in three years Third time lucky! (The first two times were lucky, too, luckily.) Naked Security
August 30, 2018 How one man could have pwned all your PHP programs Popular PHP package repository front end Packagist turned out to have an embarrassing command injection hole - now closed! Naked Security