Four Laravel-Lang Packages Poisoned in Supply Chain Attack
Learn about the Laravel localization package breach affecting AWS, Azure keys, and more. Immediate action required for compromised systems.
By Content Team
Four widely used Laravel localization packages were compromised in a supply chain attack starting May 22. Hackers rewrote Git tags across more than 700 historical versions of laravel-lang/lang, http-statuses, attributes, and actions without ever touching the official repos. Instead, they pointed the tags to commits in a malicious fork they controlled.
The malware connected to a C&C server to deploy a PHP credential stealer targeting AWS, GCP, Azure keys, SSH private keys, Kubernetes tokens, browser passwords, crypto wallets, and more — across Windows, Linux, and macOS.
Any system that installed or updated these packages should be treated as compromised, and all secrets rotated immediately.
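Because the tags were moved rather than new versions published, an affected project can show the same version string resolving to a different commit. The following check is an added example, not code from the article or from the Laravel-Lang project: it compares a `composer.lock` assumed to predate the attack with the current one. The `laravel-lang/` prefix on the last three package names, the status labels, and the sample lock files are assumptions made for illustration.

```python
import json

# The four packages named in the article; the laravel-lang/ prefix on the
# last three is assumed from the first name.
AFFECTED = {"laravel-lang/lang", "laravel-lang/http-statuses",
            "laravel-lang/attributes", "laravel-lang/actions"}

def locked_refs(lock_text):
    """Map affected package name -> (version, locked commit reference)."""
    lock = json.loads(lock_text)
    refs = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name = pkg.get("name", "").lower()
            if name in AFFECTED:
                ref = (pkg.get("source") or {}).get("reference")
                refs[name] = (pkg.get("version"), ref)
    return refs

def compare_locks(baseline_text, current_text):
    """Return (name, version, status, old_ref, new_ref) per affected package."""
    base, cur = locked_refs(baseline_text), locked_refs(current_text)
    findings = []
    for name, (version, ref) in sorted(cur.items()):
        old = base.get(name)
        if old and old[0] == version and old[1] != ref:
            status = "TAG_MOVED"   # same version string, different commit
        elif old == (version, ref):
            status = "UNCHANGED"   # still locked to the baseline commit
        else:
            status = "REVIEW"      # new or updated: no baseline to compare
        findings.append((name, version, status, old[1] if old else None, ref))
    return findings

def _pkg(name, version, ref):
    return {"name": name, "version": version, "source": {"reference": ref}}

# Constructed sample lock files; versions and commit hashes are made up.
BASELINE = json.dumps({"packages": [
    _pkg("laravel-lang/lang", "1.0.0", "a" * 40),
    _pkg("laravel-lang/actions", "1.0.0", "b" * 40)], "packages-dev": []})
CURRENT = json.dumps({"packages": [
    _pkg("laravel-lang/lang", "1.0.0", "c" * 40),
    _pkg("laravel-lang/actions", "1.0.0", "b" * 40),
    _pkg("monolog/monolog", "3.0.0", "d" * 40)],
    "packages-dev": [_pkg("laravel-lang/http-statuses", "1.0.0", "e" * 40)]})

if __name__ == "__main__":
    for finding in compare_locks(BASELINE, CURRENT):
        print(*finding)
```

`UNCHANGED` only means the lock still points at the baseline commit; it says nothing about hosts that ran an install or update outside this lock file.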
Source: SecurityWeek