Hackers Compromise Laravel-Lang Packages via 700 GitHub Repos
ID: b34b92c3-1e95-5358-a1e9-9328ddee806a
STIX ID: report--b34b92c3-1e95-5358-a1e9-9328ddee806a
Feed Name: GBHackers
A supply-chain attack detected on May 22–23, 2026, compromised over 700 historical versions of four Laravel-Lang PHP localization packages by creating release tags that point to commits in attacker-controlled forks. The malicious autoloaded src/helpers.php dropper provides RCE, contacts flipboxstudio.info to retrieve a large cross-platform credential-stealing payload that harvests cloud and developer secrets, browser passwords, and cryptocurrency wallets, exfiltrates encrypted data, and self-deletes. Packagist removed the tainted versions. Users should treat impacted hosts as fully compromised and rotate/rebuild affected assets.
