The Hacker News

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Laravel-Lang compromise tagged 700+ versions on May 22–23, 2026, triggering PHP stealers that exfiltrate credentials.
techtimes

Laravel Supply Chain Attack Backdoors 5,561 Repos: Git Tag Rewrite Defeats Version Pinning

On the night of May 22, 2026, an unidentified attacker with push access to the Laravel-Lang GitHub organization rewrote every existing version tag across four widely used PHP localization packages — ...