Laravel Lang packages compromised in GitHub tag abuse attack
Attackers hijacked popular PHP localization libraries via malicious Composer releases, deploying credential-stealing malware to developer environments worldwide.
A supply chain attack has compromised Laravel Lang, a widely used set of PHP localization packages, after threat actors exploited GitHub version tagging to inject malicious code into Composer distributions. The attack targeted developers using Laravel, one of the most popular PHP frameworks.
The attackers abused GitHub's tag system to push compromised versions of the packages through Composer, PHP's dependency manager. Once installed, the malicious code deployed credential-stealing malware designed to exfiltrate sensitive data from developer machines. The technique bypassed traditional supply chain defenses by manipulating version control metadata rather than compromising maintainer accounts directly.
Laravel Lang provides translation files and localization utilities for Laravel applications, making it a high-value target with broad reach across the PHP development community. The packages are installed automatically as dependencies in many Laravel projects, amplifying the attack's potential impact.
- 01 PHP developers using Laravel Lang must audit systems for credential compromise and rotate secrets
- 02 Organizations relying on Composer dependencies face exposure if automated updates ran during the attack window
- 03 Package maintainers should review GitHub tag permissions and implement signing verification
- 04 Security teams must expand supply chain monitoring beyond account compromise to include version control manipulation
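One way to start the audit recommended above, as an added example that is not from the article or the Laravel Lang project: compare a `composer.lock` committed before the incident with the current one and flag Laravel Lang packages whose pinned version or commit reference changed. The `laravel-lang/` vendor prefix is an assumption, and the package names, versions and references are constructed sample data, since the article lists no affected releases.

```python
import json

VENDOR = "laravel-lang/"  # assumed Composer vendor prefix for the Laravel Lang packages

def _lock(*pkgs):
    # Build a minimal composer.lock body from (name, version, git commit reference).
    return json.dumps({"packages": [
        {"name": n, "version": v, "source": {"type": "git", "reference": r}}
        for n, v, r in pkgs], "packages-dev": []})

# Constructed sample data: hypothetical package names, versions and references.
BASELINE_LOCK = _lock(("laravel-lang/pkg-a", "1.0.0", "1111aaaa"),
                      ("laravel-lang/pkg-b", "2.3.0", "2222bbbb"),
                      ("acme/util", "1.0.0", "3333cccc"))
CURRENT_LOCK = _lock(("laravel-lang/pkg-a", "1.0.0", "9999ffff"),
                     ("laravel-lang/pkg-b", "2.3.1", "4444dddd"),
                     ("acme/util", "1.0.0", "3333cccc"))

def pins(lock_text):
    """Map package name -> (version, commit reference) from composer.lock JSON."""
    lock = json.loads(lock_text)
    out = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            ref = (pkg.get("source") or pkg.get("dist") or {}).get("reference")
            out[pkg["name"]] = (pkg.get("version"), ref)
    return out

def audit(baseline_text, current_text, vendor=VENDOR):
    """Return (name, kind, old_pin, new_pin) for vendor packages whose pin changed."""
    old, new = pins(baseline_text), pins(current_text)
    findings = []
    for name in sorted(new):
        if not name.startswith(vendor) or old.get(name) == new[name]:
            continue
        if name not in old:
            kind = "NEW_PACKAGE"
        elif old[name][0] == new[name][0]:
            kind = "TAG_MOVED"        # same version string, different commit
        else:
            kind = "VERSION_CHANGED"  # updated: check the release against the advisory
        findings.append((name, kind, old.get(name), new[name]))
    return findings

if __name__ == "__main__":
    for finding in audit(BASELINE_LOCK, CURRENT_LOCK):
        print(finding)
```

A `TAG_MOVED` finding means the same version string now resolves to a different commit, which a routine update does not produce; a `VERSION_CHANGED` finding only shows that an update happened and still has to be checked against the published list of affected releases.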