top of page
ALL POSTS
Supply Chain Attack: 700+ Laravel Lang Versions Infected with RCE Backdoor
Key Findings Over 700 historical versions of laravel-lang localization packages compromised with RCE backdoors across multiple repositories Attack occurred May 22-23, 2026 with automated mass tag publishing seconds apart, indicating infrastructure-level breach Malicious code executes automatically via composer autoload.files on every PHP request in affected applications Second-stage payload deploys 17 specialized credential collectors targeting cloud keys, Kubernetes tokens,
May 233 min read
PHP Composer Vulnerabilities Allow Remote Code Execution Through Perforce Integration
Key Findings Two high-severity command injection vulnerabilities discovered in PHP Composer's Perforce VCS driver CVE-2026-40176 (CVSS 7.8) and CVE-2026-40261 (CVSS 8.8) allow arbitrary command execution through malicious repository configs and crafted inputs Patches released: Composer 2.9.6 (mainline) and 2.2.27 (LTS) No active exploitation detected on Packagist.org or Private Packagist as of April 10, 2026 Perforce metadata publishing temporarily disabled as precaution Back
Apr 152 min read
bottom of page
