MEDIUMSupply Chain
Global

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

·Source: The Hacker News

Updated:

Executive Summary

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions "The timing and pattern of the newly published tags

Analysis

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions "The timing and pattern of the newly published tags
Source Attribution

Originally published by The Hacker News on May 23, 2026.

Related Threats

MEDIUMSupply Chain

Red Hat Cloud Services npm Packages Hijacked

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/red-hat-cloud-services-npm-packages-hijacked" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_miasma_npm_campaign.png" alt="Image with text "Red Hat Hijacked: Malicious Miasma npm campaign"" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0

Sonatype (Maven/npm)
MEDIUMSupply Chain

Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]

BleepingComputer
CRITICALSupply ChainPOC

Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’

Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that can’t wait for the company’s quarterly patching. The initial batch addresses 35 flaws, including several for which exploit code is publicly available. In total, there are 11 flaws rated ‘critical’ , 18 rated ‘high’, and 6 ‘medium’. The most im

CVE-2026-46840CVE-2026-46775
CSO Online