Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework.
The affected packages include -
laravel-lang/lang
laravel-lang/http-statuses
laravel-lang/attributes
laravel-lang/actions
"The timing and pattern of the newly published tags
source https://thehackernews.com/2026/05/laravel-lang-php-packages-compromised.html
source https://thehackernews.com/2026/05/laravel-lang-php-packages-compromised.html
