The Hacker News

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Laravel-Lang compromise tagged 700+ versions on May 22–23, 2026, triggering PHP stealers that exfiltrate credentials.
techtimes

Laravel Supply Chain Attack Backdoors 5,561 Repos: Git Tag Rewrite Defeats Version Pinning

On the night of May 22, 2026, an unidentified attacker with push access to the Laravel-Lang GitHub organization rewrote every existing version tag across four widely used PHP localization packages — ...

All You Need To Know About Cloudflare’s Agent Readiness Score

The Cloudflare Agent Readiness Score is a real shift. The composite number is also the wrong thing to optimize for. Here's ...

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...