Laravel

(3 articles)

May 23, 2026

Laravel Lang Packages Hijacked: Credential Malware

Attackers hijacked Laravel Lang Composer packages via tag rewrites to deploy a cross-platform credential stealer. Here's what happened and how to respond.

May 23, 2026

Laravel-Lang PHP Packages Hit by Credential Stealer

Laravel-Lang PHP packages were compromised to deliver a cross-platform credential stealer. Here's what developers need to know and how to protect your apps.

March 21, 2026

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

CISA added Apple, Craft CMS, and Laravel vulnerabilities to its KEV catalog, mandating federal agencies patch by April 3, 2026.