top of page
ALL POSTS
Supply Chain Attack: 700+ Laravel Lang Versions Infected with RCE Backdoor
Key Findings Over 700 historical versions of laravel-lang localization packages compromised with RCE backdoors across multiple repositories Attack occurred May 22-23, 2026 with automated mass tag publishing seconds apart, indicating infrastructure-level breach Malicious code executes automatically via composer autoload.files on every PHP request in affected applications Second-stage payload deploys 17 specialized credential collectors targeting cloud keys, Kubernetes tokens,
May 233 min read
CISA Adds Apple, Laravel Livewire, and Craft CMS Vulnerabilities to Known Exploited List
Key Findings CISA added five critical vulnerabilities to its Known Exploited Vulnerabilities catalog, including three Apple flaws, one Craft CMS code injection, and one Laravel Livewire vulnerability Three Apple vulnerabilities are linked to active exploitation by the DarkSword iOS exploit kit Craft CMS flaws have been actively exploited in the wild to breach servers and steal data Laravel Livewire vulnerability is associated with Iran-nexus APT group MuddyWater Federal agenc
Mar 232 min read
Massive Exposure: CVSS 9.8 RCE Vulnerability Impacts Laravel Reverb
Key Findings A critical Remote Code Execution (RCE) vulnerability with a CVSS score of 9.8 has been discovered in the Laravel Reverb framework. The vulnerability, which allows unauthenticated attackers to execute arbitrary code, affects an estimated 7 million websites and applications that use the Laravel Reverb framework. The vulnerability is caused by insecure deserialization of user-supplied data, which can lead to remote code execution. Successful exploitation of this vul
Jan 222 min read
bottom of page
