Laravel-Lang Package Compromise Exposes Thousands to Credential Theft
Cybersecurity researchers confirmed this week that multiple versions of the popular Laravel-Lang PHP packages were compromised in a sophisticated supply chain attack designed to harvest sensitive credentials from developer environments. The malicious code, which affected nearly every tag across multiple Composer packages, was engineered to exfiltrate CI/CD secrets and environment variables to a remote server…