Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack has compromised Laravel Lang packages, leading to the distribution of credential-stealing malware. Attackers exploited GitHub version tags to inject malicious code into Composer packages without altering the original source code. Security firms have reported that hundreds of versions across multiple repositories were affected, prompting urgent warnings for developers to review their installations.
- ▪Attackers hijacked Laravel Lang localization packages to deploy credential-stealing malware.
- ▪The attack involved rewriting GitHub tags to point to malicious commits instead of publishing new versions.
- ▪Researchers found that the malware could extract sensitive data from various platforms and send it to an attacker-controlled server.
Opening excerpt (first ~120 words) tap to expand
Laravel Lang packages hijacked to deploy credential-stealing malware By Lawrence Abrams May 23, 2026 04:48 PM 0 A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. Security firms StepSecurity, Aikido Security, and Socket warned about the compromise on Friday, warning that attackers had rewritten GitHub tags across four repositories maintained by the Laravel Lang organization rather than publishing entirely new malicious versions. The affected packages include laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and possibly laravel-lang/actions.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at BleepingComputer.
Discussion
0 commentsMore from BleepingComputer
