Laravel-Lang compromise tagged 700+ versions on May 22–23, 2026, triggering PHP stealers that exfiltrate credentials.
Ravie LakshmananMay 23, 2026Supply Chain Attack / Malware
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework.
The affected packages include -
laravel-lang/lang
laravel-lang/http-statuses
Laravel Lang packages hijacked to deploy credential-stealing malware
Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise
Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack | TechCrunch
Shai-Hulud copycat worm infects yet another npm package
GitHub links repo breach to TanStack npm supply-chain attack
GitHub Worm Hits npm Packages With 16M Downloads
Perché gli hacker stanno trasformando l'open source in un'arma globale
Leaked Shai-Hulud malware fuels new npm infostealer campaign
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
Drupal: Critical SQL injection flaw now targeted in attacks
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated…
4 malicious npm packages with 3,006 downloads spread stealers and Phantom Bot, forcing removals and secret rotation.
8 Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
All your compromised credentials are belong to us now instead of the other gang
: Mini Shai-Hulud caught spreading credential-stealing malware
Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff…
