PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date.
"The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes," Packagist’s Nils Adermann said.