Find notable cyber news and cases, enriched with sources, timelines, and signals.

Laravel Lang organization hit by network compromise

Incident
First reported
Last updated
Happening score
H score 14
1 unique sources, 1 articles

Summary

Hide ▲

The Laravel Lang organization suffered a repository compromise that let attackers rewrite GitHub tags and ship malicious code through Composer installs. The affected packages included laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and possibly laravel-lang/actions. Security researchers said 233 versions across three repositories were compromised, with about 700 historical versions potentially affected. The tag rewrites turned seemingly legitimate releases into a supply-chain risk for developers.

Related Happenings

Microsoft hit by cyberattack

Incident
H score68 First: 09.06.2026 18:42 Last: 09.06.2026 18:42 Sources 1

About this happening: A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...

Miasma self-replicating supply chain attack campaign targeting open-source repositories

Campaign
H score83 First: 06.06.2026 09:58 Last: 06.06.2026 09:58 Sources 1

About this happening: The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...

Miasma GitHub and npm supply-chain campaign

Campaign
H score26 First: 02.06.2026 00:38 Last: 02.06.2026 00:38 Sources 1

About this happening: The **Miasma** supply-chain campaign has expanded into **npm** and the **Go ecosystem**, with **malicious npm releases** affecting **LeoPlatform** and **RStreams** packages and a...

Latest development: 05.06.2026 21:05

A new Miasma wave is linked to 57 compromised npm packages across more than 286 malicious versions, with malicious installs abusing a 157-byte binding.gyp file for code execution during npm install and then staging additional payloads that inject persistent backdoor files into project repositories and target AI-assisted IDE workflows.

Laravel Lang credential-stealer dropper delivered through malicious Composer packages

Malware Activity
H score22 First: 23.05.2026 23:48 Last: 23.05.2026 23:48 Sources 1

How related: The downloaded PHP payload [VirusTotal] was a large cross-platform credential stealer for Linux, macOS, and Windows that harvests cloud credentials, Kubernetes secrets, Vault tokens, Git credentials, CI/CD secrets, SSH keys, browser data, cryptocurrency wallets, password managers, VPN configurations, and local `.env` configuration files.

About this happening: A **malicious Composer payload** in **Laravel Lang** packages now threatens **Linux, macOS, and Windows** developers with credential theft. The injected `src/helpers.php` dropper...

Packagist package.json hook supply chain attack campaign

Campaign
H score39 First: 23.05.2026 19:07 Last: 23.05.2026 19:07 Sources 1

About this happening: A **coordinated supply chain attack campaign** compromised **eight Packagist packages**, creating repeat execution risk for projects that install the affected versions. The malici...

Timeline

  1. 23.05.2026 23:48 2 articles · 1mo ago

    Laravel Lang organization hit by network compromise

    Initial Disclosure

    Attackers rewrote **GitHub tags** in the **Laravel Lang organization** repositories, turning legitimate-looking package releases into a malware delivery path for **Composer** users.

    Show sources