Ongoing Supply Chain Attack on Composer Packages
Aikido Security@AikidoSecurity🚨 Ongoing supply chain attack on Composer packages! We just found multiple laravel-lang/* packages compromised on Packagist (lang, http-statuses, attributes). At least 50 package versions were compromised.
- ▪Aikido Security@AikidoSecurity🚨 Ongoing supply chain attack on Composer packages!
- ▪We just found multiple laravel-lang/* packages compromised on Packagist (lang, http-statuses, attributes).
- ▪At least 50 package versions were compromised.
Opening excerpt (first ~120 words) tap to expand
Aikido Security@AikidoSecurity🚨 Ongoing supply chain attack on Composer packages! We just found multiple laravel-lang/* packages compromised on Packagist (lang, http-statuses, attributes). Payload runs at autoload time. At least 50 package versions were compromised. If you installed a compromised version, the malware already executed. Pin to a clean COMMIT (not version) and rotate secrets immediately. If your lockfile already had an older commit from before today, you are safe.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at X (formerly Twitter).