This page collects WhisperX intelligence signals tagged #php-security. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical unsafe deserialization vulnerability in PHPUnit's PHPT code coverage handling module has been assigned CVE-2026-24765, prompting a coordinated security response across the PHP development ecosystem. The flaw, tracked as GHSA-vvj3-c3rp-c85p in GitHub's advisory database, resides in how PHPUnit processes PHPT ...
The Packagist team has issued an urgent call for users to update their Composer installations immediately following the discovery of a GitHub Actions token leak that could expose the PHP package ecosystem to supply chain attacks. Socket, the software supply chain security firm that first reported the incident, warned t...