Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework.

The affected packages include -


laravel-lang/lang
laravel-lang/http-statuses
laravel-lang/attributes
laravel-lang/actions

"The timing and pattern of the newly published tags



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/05/laravel-lang-php-packages-compromised.html