Laravel Lang packages hijacked to deploy credential-stealing malware

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated ...
Arabian Post

Laravel-Lang breach exposes Composer supply chain risks

Hackers have compromised the Laravel-Lang open-source ecosystem, turning trusted PHP localisation packages into a vehicle for credential theft and remote code execution across developer machines and ...
The Hacker News

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Laravel-Lang compromise tagged 700+ versions on May 22–23, 2026, triggering PHP stealers that exfiltrate credentials.
SecurityWeek

Laravel-Lang Packages Poisoned for Malware Delivery

Hackers rewrote all Git tags across four Laravel-Lang packages, poisoning over 700 historical versions with backdoors.
techtimes

Laravel Supply Chain Attack Backdoors 5,561 Repos: Git Tag Rewrite Defeats Version Pinning

On the night of May 22, 2026, an unidentified attacker with push access to the Laravel-Lang GitHub organization rewrote every existing version tag across four widely used PHP localization packages — ...
heise online

Laravel IDEA 10 automatically completes database and field entries

With the release of Laravel IDEA version 10, the plug-in for the JetBrains development environment PhpStorm brings significant innovations that are intended to make working with the Laravel framework ...