Laravel-Lang Supply Chain Attack Poisons Over 700 Package Versions via Packagist Tag Hijack, Deploying Cross-Platform Credential Stealer
Attackers rewrote Git tags across four Laravel localization packages to point to malicious forks, poisoning hundreds of versions and deploying a credential stealer targeting cloud keys, SSH, and crypto wallets.
5 min read6 sources