Severe security bug found in popular PHP library for creating PDF files Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years.

As in the SolarWinds attack, the PHP hackers targeted the code base of a widely used library so that the changes they made would impact instances of the software run by end users.

Python's ctx library and a fork of PHP's phpass have been compromised. 3 million users combined. The malicious code sends all the environment variables to a heroku app, likely to mine AWS credentials.