WeSearch

Ongoing Supply Chain Attack on Composer Packages

https://x.com/AikidoSecurity· ·1 min read · 0 reactions · 0 comments · 20 views
#ongoing#supply#chain#attack#composer
Ongoing Supply Chain Attack on Composer Packages
TL;DR · WeSearch summary

Aikido Security@AikidoSecurity🚨 Ongoing supply chain attack on Composer packages! We just found multiple laravel-lang/* packages compromised on Packagist (lang, http-statuses, attributes). At least 50 package versions were compromised.

Key facts
Original article
X (formerly Twitter) · https://x.com/AikidoSecurity
Read full at X (formerly Twitter) →
Opening excerpt (first ~120 words) tap to expand

Aikido Security@AikidoSecurity🚨 Ongoing supply chain attack on Composer packages! We just found multiple laravel-lang/* packages compromised on Packagist (lang, http-statuses, attributes). Payload runs at autoload time. At least 50 package versions were compromised. If you installed a compromised version, the malware already executed. Pin to a clean COMMIT (not version) and rotate secrets immediately. If your lockfile already had an older commit from before today, you are safe.

Excerpt limited to ~120 words for fair-use compliance. The full article is at X (formerly Twitter).

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments