Laravel‑Lang packages compromised — credential theft

Colleagues, please note: Laravel‑Lang packages have been compromised and now deliver a cross‑platform stealer.
Brief:
- Socket and Aikido: mass republishing (>700 tags), release infrastructure compromised.
- Malware in src/helpers.php (composer autoload.files) fingerprints host and fetches payload from flipboxstudio.info.
- Executes on Windows (VBScript), Linux and macOS; harvests cloud tokens, CI/CD secrets, wallets, browsers, SSH and config files; encrypts with AES‑256 and exfiltrates to /exfil.
Why it matters: dependency compromises lead to environment breaches.
Recommendation: inspect composer.json, scan laravel‑lang, block/monitor flipboxstudio.info and rotate secrets.
How do you verify external dependencies?
#cybersecurity #supplychain #PHP #DevSecOps


Latest comments
No comments yet.