Threat Actor Compromised 233 Versions of Laravel-Lang Packages by Hacking 700 GitHub Repos

ID: cdf0c628-fa13-5460-82d5-5d22dc78c828

STIX ID: report--cdf0c628-fa13-5460-82d5-5d22dc78c828

Feed Name: Cyber Press

Threat Score: 88/100

Date Published: 2026-05-23

Date Updated: 2026-05-23

Author: Lucas Martin

A supply-chain campaign compromised over 700 historical Git tags across Laravel-Lang repositories by pointing the tags to malicious forks, causing an autoloaded PHP helper to execute a dropper that fetches a second-stage, 5,900-line PHP infostealer. The stealer collects cloud credentials, SSH keys, CI/CD tokens, browser vaults, and other secrets, encrypts them with AES-256, and exfiltrates them to flipboxstudio.info. Packagist has unlisted the affected packages, and immediate credential rotation and host rebuilds are advised.