Laravel Lang Packages Hijacked to Deploy Credential-Stealing Malware

Laravel Lang packages hijacked to deploy credential-stealing malware

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages.

Laravel-Lang Composer Tag-Rewrite Supply-Chain Attack

Attackers rewrote tags in four Laravel-Lang Composer packages to inject a PHP credential stealer. Learn what happened and how to remediate.

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions "The timing and pattern of the newly published tags

Hackers Compromised 233 Versions of Laravel-Lang Packages by Hacking 700 GitHub Repos

A highly sophisticated supply chain attack has compromised the Laravel-Lang ecosystem, injecting credential-stealing remote code execution backdoors into 233 package versions across 700 GitHub repositories. Discovered in May 2026 by Socket and Aikido, threat actors manipulated GitHub tags to distribute malware through Composer’s autoloader, granting complete remote access to developer environments. The attackers bypassed direct repository commit…