Credential Stealer

Attackers compromised 700+ versions of Laravel-Lang PHP packages via tag poisoning, deploying a sophisticated stealer targeting cloud credentials, crypto wallets, and browser data. Packagist pulled affected versions.