Packagist

Supply Chain 2026-05-23
Laravel-Lang Supply Chain Attack: 233 Package Versions Backdoored to Steal Cloud and CI/CD Secrets
Attackers repointed git tags across four Laravel-Lang Composer packages to a malicious fork, backdooring 233 versions with a credential stealer that drains cloud, CI/CD, and developer secrets.
supply-chain packagist composer php laravel credential-theft malware

Laravel-Lang Supply Chain Attack: 233 Package Versions Backdoored to Steal Cloud and CI/CD Secrets