Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets

Published: 2 June 2026 at 17:33:16

Alert date: 2 June 2026 at 20:01:42

Source: stepsecurity.io

Supply Chain & Dependencies, Web Technologies

On May 22, 2026, an attacker with push access to the Laravel-Lang GitHub organization executed a sophisticated supply chain attack, rewriting every git tag across multiple popular Composer packages within 15 minutes. The attack targeted the laravel-lang/http-statuses, laravel-lang/actions, and laravel-lang/attributes packages. Anyone running composer update or installing the packages fresh now pulls a malicious payload that exfiltrates CI secrets to a typosquatted attacker domain. StepSecurity confirmed end-to-end exploitation and filed security issues in all affected repositories.
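A rewritten tag shows up in a project as a composer.lock entry whose version is unchanged but whose commit reference differs. The check below is an added example, not code from StepSecurity or the Laravel-Lang project; it compares a lock file from before the incident with the current one, and the sample versions, commit references and the `vendor/unrelated` package are constructed placeholders.

```python
import json

# Packages named in the advisory above.
AFFECTED = {"laravel-lang/http-statuses", "laravel-lang/actions", "laravel-lang/attributes"}

def locked_refs(lock_text):
    """Map package name -> (version, commit reference) from composer.lock JSON."""
    lock = json.loads(lock_text)
    refs = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            # source.reference is the git commit the tag resolved to at lock time;
            # fall back to dist.reference when no source entry is recorded.
            ref = ((pkg.get("source") or {}).get("reference")
                   or (pkg.get("dist") or {}).get("reference"))
            refs[pkg["name"]] = (pkg.get("version"), ref)
    return refs

def review_lock_change(old_lock_text, new_lock_text):
    """Return (name, version, finding) tuples for a composer.lock change."""
    old, new = locked_refs(old_lock_text), locked_refs(new_lock_text)
    findings = []
    for name in sorted(new):
        version, ref = new[name]
        if old.get(name) == (version, ref):
            continue  # still pinned to the previously locked commit
        if name in old and old[name][0] == version:
            # Same version string, different commit: the tag moved upstream.
            findings.append((name, version, "tag-rewritten"))
        elif name in AFFECTED:
            # Newly added or bumped package from the advisory: review by hand.
            findings.append((name, version, "affected-package-changed"))
    return findings

def _lock(pkgs):
    """Build a minimal composer.lock document (constructed sample data)."""
    return json.dumps({"packages": [
        {"name": n, "version": v, "source": {"type": "git", "reference": r}}
        for n, v, r in pkgs], "packages-dev": []})

# Constructed sample: versions and commit references are placeholders.
OLD_LOCK = _lock([("laravel-lang/actions", "1.0.0", "a" * 40),
                  ("vendor/unrelated", "3.0.0", "c" * 40)])
NEW_LOCK = _lock([("laravel-lang/actions", "1.0.0", "b" * 40),
                  ("laravel-lang/attributes", "2.0.0", "d" * 40),
                  ("vendor/unrelated", "3.0.0", "c" * 40)])

if __name__ == "__main__":
    for finding in review_lock_change(OLD_LOCK, NEW_LOCK):
        print(*finding)
```

Run as a CI gate on any change to composer.lock, a "tag-rewritten" finding means the install should stop until the new commit has been reviewed.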

Affected products:

Laravel-Lang
Composer
laravel-lang/http-statuses
laravel-lang/actions
laravel-lang/attributes

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.