Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised,
PHP software package repository Packagist revealed that an « attacker » gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date.
« The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes, » Packagist’s Nils Adermann said
« The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes, » Packagist’s Nils Adermann said
,
PHP software package repository Packagist revealed that an « attacker » gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date.
« The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes, » Packagist’s Nils Adermann said
« The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes, » Packagist’s Nils Adermann said
, ,
https://thehackernews.com/2023/05/packagist-repository-hacked-over-dozen.html