Severe security bug found in popular PHP library for creating PDF files Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years.

As in the SolarWinds attack, the PHP hackers targeted the code base of a widely used library so that the changes they made would impact instances of the software run by end users.

Security researchers this week identified two corrupt Python and PHP packages in what appears to be yet another instance of a software supply chain attack targeting the open-source ecosystem ...