On Sunday PHP developers released a blog post announcing compromise of their Git repository and source infected. In light of this breach the developers have decided to move maintenance to GitHub proper and no longer maintain their own infrastructure at https://git.php.net for security and ease of use. While investigation is still underway it should be noted 2 commits are poisoned and not PHP entirely. Nikita Popov commented that within a few hours the malicious code was observed and reverted immediately.
“Yesterday (2021-03-28) two malicious commits were pushed to the php-src
repo  from the names of Rasmus Lerdorf and myself. We don’t yet know how
exactly this happened, but everything points towards a compromise of the
git.php.net server (rather than a compromise of an individual git account).” – Nikita Popov – PHP Internals
PHP is reportedly in 79% of backend website/server code available today and the code injected placed a Remote Code Execution backdoor within a few lines of code available for review on GitHub. Developer by the username “JABirchall” was quick to affirm “This line executes PHP code from within the useragent HTTP header, if the string starts with ‘zerodium’” referring to lines 367-370.