Laravel Lang Supply Chain Advisory
Hundreds of historical Laravel Lang Packagist releases were republished with malicious code, putting Composer installs at risk of credential theft and secret exfiltration.
Read the full articleYou might also wanna read

Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer
Attackers injected a credential stealer into 200+ versions of popular Laravel-Lang packages, delivering a credential stealer targeting cloud
Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks
The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems
blog.packagist.com·1mo agoComposer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks
The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems
blog.packagist.com·1mo agoNorth Korean Chollima Group Targets PHP Developers via Malicious Packagist Package
Security researchers discovered obfuscated JavaScript hidden inside a Packagist development version of the legitimate Laravel package
cyberpress.org·1mo agoMicrosoft open source packages compromised with credential-stealing malware targeting AI coding agents
73 packages run self-replicating stealer as soon as they're opened by an AI agent.
arstechnica.com·1mo agoInjective software package hit by malicious supply chain attack – Details
How did a reliable SDK come to reveal the wallet credentials of developers?
Red Hat npm supply chain attack compromises 32 packages with credential-stealing malware
Dozens of packages in the @redhat-cloud-services npm namespace were backdoored with credential-stealing malware aimed at Red Hat developers

Comments
Sign in to join the conversation.
No comments yet. Be the first.