MEDIUMSupply Chain
Global

Laravel Lang packages hijacked to deploy credential-stealing malware

·Source: BleepingComputer

Updated:

Executive Summary

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. [...]

Analysis

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. [...]
Source Attribution

Originally published by BleepingComputer on May 23, 2026.

Related Threats

MEDIUMSupply Chain

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve

The Hacker News
MEDIUMSupply Chain

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json," Socket said. "Instead, it was inserted into package.json, targeting projects that ship JavaScript

The Hacker News
LOWSupply Chain

Laravel Lang Supply Chain Advisory

Hundreds of historical Laravel Lang Packagist releases were republished with malicious code, putting Composer installs at risk of credential theft and secret exfiltration.

Snyk