https://cybercrime.club/tags/php/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usTue, 14 Apr 2026 22:42:37 -0400https://cybercrime.club/posts/composer-cve-2026-40261-40176-command-injection/Tue, 14 Apr 2026 22:42:37 -0400https://cybercrime.club/posts/composer-cve-2026-40261-40176-command-injection/Two high-severity command injection flaws in PHP's Composer package manager allow arbitrary command execution via malicious repository metadata — no Perforce installation required for the worst one.Vulnerability