Laravel-Lang Composer packages hijacked — 700+ versions ship a credential stealer
Attackers rewrote Git tags across four Laravel-Lang repos to point at a malicious fork, planting a Composer-autoloaded stealer that runs on every request. Packagist has unlisted the packages.