All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter
First reported by Snyk
Laravel Lang Supply Chain Advisory

Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer

Attackers injected a credential stealer into 200+ versions of popular Laravel-Lang packages, delivering a credential stealer targeting cloud keys, SSH keys, browsers, crypto wallets and more…

Read the full article
1mo ago

You might also wanna read

Laravel Lang Supply Chain Advisory

Hundreds of historical Laravel Lang Packagist releases were republished with malicious code, putting Composer installs at risk of credential

Snyk·1mo ago

Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks

The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems

blog.packagist.com·1mo ago

Composer and Packagist Introduce New Supply Chain Security Measures After PHP Ecosystem Attacks

The last months, and even more so the last weeks, saw an increasing amount of software supply chain attacks targeting open-source ecosystems

blog.packagist.com·1mo ago

Red Hat npm supply chain attack compromises 32 packages with credential-stealing malware

Dozens of packages in the @redhat-cloud-services npm namespace were backdoored with credential-stealing malware aimed at Red Hat developers

briefly.co·1mo ago

npm Supply Chain Attack Exposes Private Repositories, AWS Credentials and More

npm supply chain attacks continue. This time targeting @ctrl/tinycolor and multiple other packages with credential stealer malware. In this

safedep.io·9mo ago

Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages

The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. This report de

microsoft.com·1mo ago

Injective npm supply chain attack leaks crypto wallet keys

ON July 8, 2026, a supply chain attack targeted the Injective blockchain's npm packages, compromising a trusted developer's account to injec

cybersixt.com·1d ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.