A security note from Netcraft is worth attention this week:
Netcraft reports the existence of new vulnerabilities in Internet Explorer, as well as exploits that take advantage of those flaws. The exploit uses a combination of JavaScript, iframes, PHP, and timing techniques to gain access to the trusted Intranet Zone on a user's system.
The exploit is launched when a user clicks on a malicious link in an e-mail or Web page. The attack tricks the browser into running code on a remote server as if it were a local help file. While this is happening, a JavaScript that can run with local privileges is downloaded, which launches a remote PHP file that downloads a trojan of the attacker's choice to the compromised system.
Read the full report here. It looks like it's more of a JavaScript hack than a PHP one, but PHP could definitely be used to cause the majority of the damage in this case...
Thanks to PHP Magazine for the link.




