Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack

Researchers discovered a supply‑chain attack against four Laravel‑Lang Composer packages where attackers rewrote hundreds of Git tags across multiple repositories to point to a malicious fork, causing a cross‑platform PHP info‑stealer to be delivered as a second‑stage payload that exfiltrates cloud credentials, CI/CD/Kubernetes secrets, browser and wallet data; organizations are advised to assume compromise, inspect composer.lock, rotate all credentials, rebuild from trusted images, and preserve forensic data.