SECURITYBLEEPING COMPUTER
Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack exploited Laravel Lang localization packages by hijacking GitHub version tags to distribute credential-stealing malware via Composer packages, exposing developers to a sophisticated malware campaign.
Mentioned
Related Signal
Adjacent reporting
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
- Backdoored PyTorch Lightning package drops credential stealer
- Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
- DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
- ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
- The never-ending supply chain attacks worm into SAP npm packages, other dev tools