Tag
high
advisory
Laravel Lang Packages Hijacked in Credential-Stealing Supply Chain Attack
2 rules 4 TTPs 1 IOC
Attackers compromised Laravel Lang packages by rewriting GitHub tags, distributing credential-stealing malware that targets cloud credentials, secrets, keys, browser data, and cryptocurrency wallets across Windows, Linux, and macOS systems.
laravel-lang/lang +3
supply-chain-attack
credential-theft
infostealer
composer
php
github
medium
threat
GitHub Actions GITHUB_TOKEN Disclosure via Composer Validation Failure
2 rules 1 TTP
Composer leaks GitHub OAuth tokens in GitHub Actions logs when they do not match the format expected by a validation regex, potentially leading to unauthorized access.
github.com
github
actions
composer
token-leak
cve-2026-45793
high
advisory
Composer Command Injection via Malicious Perforce Repository
2 rules 1 TTP
Composer is vulnerable to command injection via a malicious Perforce repository due to improper escaping of user-supplied Perforce connection parameters, potentially leading to arbitrary command execution in the context of the user running Composer.
composer
command-injection
php