The Laravel-Lang organization suffered a supply chain attack in which four of its popular Composer packages were compromised: attackers maliciously altered Git tags within a 15-minute window on May 22, 2026. The affected packages, used for localization in Laravel applications, had their tags pointed at a malicious fork controlled by the attackers, which let them introduce malware without committing it to the official repository.
This malware targeted various credentials, aiming to harvest information from cloud services, development tools, and user machines across multiple platforms. Organizations are advised to block the malicious packages, check for clean versions, and rotate sensitive credentials.
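Because the attack moved existing tags rather than publishing new commits to the official repository, one way to check a project is to compare the commit ids pinned in `composer.lock` against a lockfile from before the incident: the same version string resolving to a different commit means the tag was retargeted. The script below is an added example, not code from the Laravel-Lang project or the original report; the package names, versions and commit ids in it are constructed placeholders, and the function names are hypothetical.

```python
import json

def pkg(name, version, ref):
    """Build a minimal composer.lock package entry (constructed sample data)."""
    return {"name": name, "version": version,
            "source": {"type": "git", "reference": ref}}

# Constructed lockfiles: names, versions and commit ids are placeholders,
# not values from the incident.
BASELINE_LOCK = json.dumps({"packages": [
    pkg("laravel-lang/example-a", "1.2.0", "a" * 40),
    pkg("laravel-lang/example-b", "3.0.1", "b" * 40),
    pkg("acme/other", "2.0.0", "c" * 40)]})
CURRENT_LOCK = json.dumps({"packages": [
    pkg("laravel-lang/example-a", "1.2.0", "d" * 40),   # same tag, new commit
    pkg("laravel-lang/example-b", "3.0.2", "e" * 40),   # ordinary upgrade
    pkg("acme/other", "2.0.0", "c" * 40)]})             # unchanged

def locked_refs(lock_text):
    """Map (package name, version) to the commit id pinned in a composer.lock."""
    lock = json.loads(lock_text)
    refs = {}
    for p in lock.get("packages", []) + lock.get("packages-dev", []):
        ref = (p.get("source") or {}).get("reference") \
            or (p.get("dist") or {}).get("reference")
        refs[(p["name"], p["version"])] = ref
    return refs

def find_retargeted_tags(baseline_text, current_text, prefix=""):
    """Return packages whose version string is unchanged but whose commit moved."""
    old, new = locked_refs(baseline_text), locked_refs(current_text)
    findings = []
    for (name, version), new_ref in sorted(new.items()):
        old_ref = old.get((name, version))
        if name.startswith(prefix) and old_ref and old_ref != new_ref:
            findings.append({"package": name, "version": version,
                             "baseline_ref": old_ref, "current_ref": new_ref})
    return findings

if __name__ == "__main__":
    for f in find_retargeted_tags(BASELINE_LOCK, CURRENT_LOCK, "laravel-lang/"):
        print("tag moved: {package} {version} {baseline_ref} -> {current_ref}".format(**f))
```

This comparison only catches tags that were moved after the baseline was recorded; a version first installed during the incident has no baseline entry and needs to be checked against the official repository's history instead.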