GigaTap articles tagged Composer.
- Laravel Lang tag hijack turned old versions into malware - Attackers rewrote GitHub release tags for third-party Laravel Lang packages, causing Composer installs to pull credential-stealing malware from what looked
- Laravel Lang Backdoor: Check Composer Before Secrets Leak - Socket reports a compromise in third-party Laravel Lang packages, with malicious Composer autoload code able to execute and harvest cloud, CI/CD, and devel
- Laravel-Lang compromise shows the risk inside release tags - A reported compromise of Laravel-Lang PHP packages used rewritten git tags and Composer autoload behavior to run a cross-platform credential stealer.
- Packagist attack shows a blind spot in mixed PHP builds - Eight Packagist packages were reportedly modified to run a Linux binary via GitHub Releases, with malicious code placed in package.json rather than compose
- Laravel Lang attack shows how package tags can betray trust - Snyk says hundreds of historical Packagist versions for Laravel localization packages were republished with credential-stealing malware. The key failure wa
- Composer token leak risk: update before CI logs bite - A GitHub token format change exposed a Composer error path that could print Actions tokens into CI logs. PHP teams should update Composer and review recent