Researcher Names: Thomas Chauchefoin
Link: https://blog.sonarsource.com/php-supply-chain-attack-on-composer
The research discovered vulnerabilities in the central PHP package repository that could have been used to compromise one of the most significant development ecosystems. This is not another code vulnerability that impacts only a single piece of software or one company and its supply chain. When carefully exploited with malicious intent, it holds the potential to compromise and backdoor all PHP packages and, with that, almost all software-developing companies in the world. That’s some excellent coverage for just a few PHP repository bugs.