All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Laravel Lang Supply Chain Advisory

Hundreds of historical Laravel Lang Packagist releases were republished with malicious code, putting Composer installs at risk of credential theft and secret exfiltration.

Read the full article
1mo agoen

You might also wanna read

Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer

Attackers injected a credential stealer into 200+ versions of popular Laravel-Lang packages, delivering a credential stealer targeting cloud

aikido.dev·1mo ago

Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks

The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems

blog.packagist.com·1mo ago

Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks

The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems

blog.packagist.com·1mo ago

North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package

Security researchers discovered obfuscated JavaScript hidden inside a Packagist development version of the legitimate Laravel package

cyberpress.org·1mo ago

Microsoft open source packages compromised with credential-stealing malware targeting AI coding agents

73 packages run self-replicating stealer as soon as they're opened by an AI agent.

arstechnica.com·1mo ago

Injective software package hit by malicious supply chain attack – Details

How did a reliable SDK come to reveal the wallet credentials of developers?

BitRss·1d ago

Red Hat npm supply chain attack compromises 32 packages with credential-stealing malware

Dozens of packages in the @redhat-cloud-services npm namespace were backdoored with credential-stealing malware aimed at Red Hat developers

briefly.co·1mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.