Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer
Attackers injected a credential stealer into 200+ versions of popular Laravel-Lang packages, delivering a credential stealer targeting cloud keys, SSH keys, browsers, crypto wallets and more…
Read the full articleYou might also wanna read
Laravel Lang Supply Chain Advisory
Hundreds of historical Laravel Lang Packagist releases were republished with malicious code, putting Composer installs at risk of credential
Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks
The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems
blog.packagist.com·1mo agoComposer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks
The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems
blog.packagist.com·1mo agoRed Hat npm supply chain attack compromises 32 packages with credential-stealing malware
Dozens of packages in the @redhat-cloud-services npm namespace were backdoored with credential-stealing malware aimed at Red Hat developers
npm Supply Chain Attack Exposes Private Repositories, AWS Credentials and More
npm supply chain attacks continue. This time targeting @ctrl/tinycolor and multiple other packages with credential stealer malware. In this
Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages
The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. This report de
Injective npm supply chain attack leaks crypto wallet keys
ON July 8, 2026, a supply chain attack targeted the Injective blockchain's npm packages, compromising a trusted developer's account to injec

Comments
Sign in to join the conversation.
No comments yet. Be the first.