Cybersecurity researchers said attackers compromised multiple PHP packages in the Laravel-Lang ecosystem and used Composer packages to distribute a cross-platform credential-stealing framework. The affected packages identified by The Hacker News include laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes and laravel-lang/actions. Socket said the timing and pattern of newly published tags pointed to a compromise of the Laravel Lang organization's release process, not a singl...

Read the original article