On May 22, 2026, an attacker with a leaked GitHub Personal Access Token rewrote git tags across four Laravel-Lang repositories — laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions — pointing hundreds of historical version tags at commits from a fork they controlled. In a roughly 15-minute window starting at 22:32 UTC, about 233 package versions were poisoned; by the time Packagist pulled the releases on May 23, the count had grown to more than 700 across all four packages, including tags years old like v1.0.0. The injected code lived in a new src/helpers.php file registered under Composer's autoload.files directive, so it ran on every PHP request the instant vendor/autoload.php loaded — no separate install script required. The payload was a roughly 5,900-line credential stealer with fifteen collector modules that shipped stolen AWS, GCP, SSH, and CI/CD secrets to flipboxstudio[.]info. If your Laravel app pulls translation strings from laravel-lang, you need to know exactly what ran, when, and where the data went.
What exactly happened in the Laravel-Lang supply chain attack?
The laravel-lang GitHub organization was compromised on May 22, 2026, when an attacker used a leaked Personal Access Token to rewrite git tags across four widely used Composer packages, redirecting hundreds of historical releases to commits that had never gone through code review. laravel-lang/lang — the flagship package with roughly 7.8k GitHub stars and 502 tags — had every one of those tags repointed, alongside all tags on laravel-lang/http-statuses (v1.0.0 through v3.4.5), 86 tags on laravel-lang/attributes, and 46 tags on laravel-lang/actions. Researchers at Aikido Security and Socket first flagged roughly 233 malicious versions across three of the packages on May 22; by the next day the tally had climbed past 700 as the fourth package and older tags were confirmed compromised. Packagist responded by stripping the malicious releases and temporarily unlisting all four packages while maintainers rebuilt trust in the tag history.
How did the attacker poison hundreds of versions without touching the official source code?
The attacker exploited a quirk in how git and GitHub handle tags: a tag in one repository is allowed to point at a commit that only exists in a fork of that repository. Instead of pushing malicious commits to the laravel-lang default branch — where a diff would be visible to anyone reviewing the repo — the attacker created a malicious fork, committed the backdoor there, and then force-moved the official tags (including years-old ones like v1.0.0) to reference those fork commits. Anyone browsing github.com/laravel-lang/lang on the main branch saw nothing unusual; anyone running composer require laravel-lang/lang:^15.0 or resolving a pinned version through composer.lock got the poisoned commit anyway. This is exactly why version pinning alone didn't help here — pinning protects against upstream code changes, not against upstream tags being repointed, and most manual security reviews only ever look at the default branch.
What did the malicious code actually do once it landed in a project?
The payload ran in two stages, starting the moment Composer's autoloader required src/helpers.php. Stage one disguised itself as ordinary Laravel localization helper functions, dropped an infection marker at <tmp>/.laravel_locale/<md5-hash> so it would only fire once per host, disabled SSL certificate verification, and fetched a second-stage payload from https://flipboxstudio[.]info/payload. Stage two was a roughly 5,900-line PHP credential stealer built from fifteen specialized collector modules, targeting AWS/GCP/Azure keys, cloud instance metadata (169.254.169.254), Kubernetes service-account tokens and kubeconfig files, HashiCorp Vault tokens, CI/CD secrets from GitHub Actions, GitLab CI, Jenkins, CircleCI, and ArgoCD, SSH keys and .env files, credentials from 17 Chromium-based browsers plus Firefox and Thunderbird, password manager vaults, cryptocurrency wallets, Docker registry tokens, and Slack, Discord, and Telegram tokens. Collected data was encrypted with AES-256 and exfiltrated via POST to flipboxstudio[.]info/exfil, and on Windows hosts the malware dropped a binary named DebugChromium.exe. The stealer then deleted its own artifacts within roughly three seconds of finishing, which is why forensic teams that responded even a few minutes late found little more than the infection marker left behind.
Which laravel-lang packages and versions are affected, and how do I check?
All published versions of laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions are considered compromised, because every git tag in all four repos was rewritten during the attack window. To check your own exposure, open composer.lock and compare the resolved commit hash (the "reference" field for each of these four packages) against the package's git history from before May 22, 2026, 22:32 UTC — if the reference postdates the attack window or doesn't match a commit you can trace to a pre-attack pull request, treat it as poisoned. Search your filesystem and container images for src/helpers.php inside vendor/laravel-lang/* and for the marker path <tmp>/.laravel_locale/, and check outbound proxy or firewall logs for any connection to flipboxstudio[.]info. Any CI job, build container, or production host that ran composer install or composer update against these packages after 22:32 UTC on May 22, 2026, should be assumed compromised until proven otherwise, regardless of which specific version number it resolved to.
What should engineering and security teams do right now?
Teams should treat every host or pipeline that installed these packages after May 22, 2026, 22:32 UTC as compromised and work through remediation in a fixed order rather than picking tasks at random. First, block flipboxstudio[.]info at the DNS or firewall layer and pin all four laravel-lang packages to a commit hash verified against pre-attack history rather than a bare version tag. Second, rotate every credential the PHP process could have reached — cloud provider keys, database credentials, the Laravel APP_KEY, SSH deploy keys, CI/CD tokens (GitHub Actions, GitLab, Jenkins, CircleCI), and any Slack, Discord, or Telegram bot tokens present in the environment. Third, rebuild affected hosts and containers from known-clean images instead of attempting to clean them in place, since the stealer deletes its own files within seconds and leaves little for an in-place cleanup to find. Fourth, audit composer.lock files across every repository and CI cache going back to before May 22 to catch pipelines that silently pulled a poisoned tag during a routine composer update. Finally, review and rotate any GitHub Personal Access Tokens with write access to dependency-adjacent repositories, since a leaked PAT — not a code review failure — is what let this attack happen in the first place.
How Safeguard Helps
Incidents like the Laravel-Lang compromise are a race against dwell time, and generic dependency scanning that only checks version numbers against an advisory feed misses attacks built specifically to evade it — this one rewrote tags, not package manifests. Safeguard continuously generates and ingests SBOMs across your repositories, build pipelines, and container images, so the moment laravel-lang/lang, http-statuses, attributes, or actions is flagged, we can tell you within minutes exactly which services resolved to a poisoned commit hash, not just which ones list the package as a dependency. Griffin AI, Safeguard's reasoning engine, layers reachability analysis on top of that match to confirm whether the compromised src/helpers.php autoload path is actually loaded and executed in your running application, filtering out the noise of dependencies that are present but never invoked. For every confirmed exposure, Safeguard opens an auto-fix pull request that pins the dependency to a verified pre-attack commit and lists exactly which credentials your team needs to rotate, turning what took most affected teams days of manual composer.lock archaeology into a fix that ships in minutes.