Attackers compromised Laravel Lang localization packages to distribute credential-stealing malware through Composer. The supply chain attack exploited GitHub version tags to reach developers.
A significant supply chain attack has compromised Laravel Lang, a popular localization package used by PHP developers. Attackers gained control of the package distribution, leveraging GitHub version tags to push malicious code to developers who installed or updated affected versions through Composer, PHP's package manager.
The malware is designed to steal credentials and sensitive information from compromised development environments. This attack highlights vulnerabilities in open-source supply chains, where a single compromised package can expose numerous downstream users to security risks.
Laravel Lang provides localization functionality for the Laravel web framework, making it a high-value target. The package's widespread use across the PHP developer community amplifies the potential impact of this compromise.
The attack demonstrates attackers' sophistication in exploiting version control systems. By manipulating tags, they distributed malware in a way that appeared legitimate to automated dependency management tools. This method bypasses traditional security checks that developers might perform on package contents.
Developers using affected Laravel Lang versions are advised to:
- Review their systems for suspicious activity
- Rotate credentials used in development environments
- Check Composer lock files for compromised versions
- Update to patched versions immediately
- Audit recent changes and deployments
The incident underscores ongoing challenges in securing open-source ecosystems. Package managers like Composer handle millions of installations daily, making them attractive targets for attackers seeking broad distribution of malware. Projects have implemented various security measures, but determined attackers continue to find new vectors.
Maintainers of Laravel Lang and the broader Laravel community have been notified. Security advisories are expected to provide specific version numbers affected and safe alternatives. This incident will likely prompt increased scrutiny of dependency management practices across PHP development teams.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.