Laravel-Lang Composer Tag Rewrite RCE Compromise
Laravel-Lang packages were compromised through rewritten Composer tags that loaded a PHP backdoor through Composer autoload and exposed developer, CI/CD, cloud, and application secrets.
Executive Summary
Laravel-Lang packages were compromised through rewritten Git tags, causing Composer installs that trusted historical version tags to resolve to malicious commits. StepSecurity confirmed four affected repositories and specific tag rewrite windows beginning on 2026-05-22, while Socket reported broader Laravel-Lang impact across roughly 700+ historical package versions (StepSecurity, Socket).
The malicious commits added src/helpers.php and registered it through Composer autoload.files, so execution occurred when a PHP application loaded vendor/autoload.php. Hosts or CI runners that installed affected tags should be treated as potentially compromised because the payload fetched second-stage code, dropped temporary loaders under /tmp, and targeted local secrets and CI/cloud credentials (StepSecurity, Socket).
Key Facts
threat_type: "Composer package tag rewrite and RCE backdoor"
ecosystem: "Composer"
registry: "Packagist"
affected_packages:
- "laravel-lang/lang"
- "laravel-lang/http-statuses"
- "laravel-lang/actions"
- "laravel-lang/attributes"
malicious_versions:
known_good_versions: []
fixed_or_safe_versions: []
execution_trigger: "Composer autoload.files loading src/helpers.php"
primary_impact: "remote code execution, CI/CD credential theft, developer and application secret theft"
campaign_context: "One of several May 2026 supply-chain incidents targeting mutable source-control trust anchors."
confidence: "high"
canonical_source: "https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack"
last_verified: "2026-05-24"
Source Confidence & Evidence Mapping
- confirmed: StepSecurity reports tag rewrites across four Laravel-Lang repositories, including laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/actions, and laravel-lang/attributes (StepSecurity).
- confirmed: The malicious Composer path uses autoload.files to load src/helpers.php, which executes when vendor/autoload.php is required (StepSecurity).
- confirmed: Socket reports a broader Laravel-Lang compromise affecting roughly 700+ historical versions and describes credential collection across cloud, CI/CD, Kubernetes, Vault, browser, SSH, and application configuration sources (Socket).
- likely: Additional Laravel-Lang packages beyond StepSecurity’s four confirmed repositories were affected, based on Socket’s broader package set and version count (Socket).
- unclear: Final cleanup status for every historical tag should be rechecked before any affected dependency is re-enabled.
Impact Determination
| Classification | Criteria | Required evidence | Required action | Closure condition |
|---|---|---|---|---|
| Confirmed compromise | A host or runner installed an affected Laravel-Lang tag and loaded vendor/autoload.php with the malicious helper or reached flipboxstudio[.]info. | composer.lock, vendor tree, process telemetry, DNS/proxy events, and CI logs. | Isolate the host or runner, preserve the vendor tree, and rotate local, CI/CD, cloud, Kubernetes, Vault, SSH, and application secrets. | Clean dependencies are deployed and downstream audit modules show no suspicious credential use. |
| Presumed exposed | Affected tags were installed after the rewrite window and Composer autoload likely ran, but network telemetry is absent. | Dependency install time, lockfile source SHAs, application boot logs, and CI job timeline. | Rotate secrets reachable from the application, developer host, or CI runner from a clean environment. | Affected dependency paths are rebuilt and credential owners confirm revocation of old material. |
| Potentially exposed | Laravel-Lang packages appear in manifests, but install timing, tag SHA, or autoload execution is not established. | Manifest, lockfile, package cache, CI install records, and application deployment history. | Collect source SHA and execution evidence before narrowing host and credential scope. | Each install is mapped to a clean or malicious commit and execution state. |
| Not exposed | No affected packages or rewritten SHAs exist in lockfiles, package caches, vendor trees, or CI jobs. | Composer lockfile search, vendor tree search, and CI dependency install export. | Record the clean result and maintain tag drift monitoring. | Search evidence covers production, CI, and developer build paths. |
| Unknown | Lockfiles, vendor trees, or process/network telemetry are missing. | Named missing data sources and affected application owners. | Keep the system in scope and make conservative rotation decisions for high-value secrets. | Missing data is recovered or risk acceptance is recorded. |
Minimum Evidence To Collect
minimum_evidence:
- "`composer.lock` entries and source commit SHAs for Laravel-Lang packages."
- "CI or host install times relative to 2026-05-22T22:32:00Z."
- "Vendor tree evidence for `src/helpers.php` and Composer `autoload.files` entries."
- "Process, DNS, proxy, or EDR telemetry for `flipboxstudio[.]info` and hidden `/tmp` payloads."
- "Inventory of GitHub, cloud, Kubernetes, Vault, SSH, and application secrets reachable by affected hosts."
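The lockfile and vendor-tree items above can be read straight from Composer's own metadata. The script below is an added example, not code from StepSecurity, Socket, or the Laravel-Lang project; it only reads files, and the sample tree, versions and SHAs it builds are constructed. A `helper_autoloaded` hit is a triage lead to confirm against the pinned commit SHA.

```python
import json
import tempfile
from pathlib import Path

# Repositories the page lists as confirmed. The prefix keeps the rest of the
# vendor namespace in scope, since broader impact is reported as likely.
CONFIRMED = {"laravel-lang/lang", "laravel-lang/http-statuses",
             "laravel-lang/actions", "laravel-lang/attributes"}
VENDOR_PREFIX = "laravel-lang/"
HELPER = "src/helpers.php"


def iter_packages(doc):
    """Yield package records from composer.lock or installed.json."""
    if isinstance(doc, list):  # Composer 1 wrote installed.json as a bare list
        yield from doc
        return
    for key in ("packages", "packages-dev"):
        yield from doc.get(key) or []


def normalize(path):
    """Compare autoload paths with forward slashes and no leading './'."""
    path = path.replace("\\", "/")
    return path[2:] if path.startswith("./") else path


def audit_metadata(doc, origin):
    """Return one finding per laravel-lang/* package in a parsed metadata file."""
    findings = []
    for pkg in iter_packages(doc):
        name = str(pkg.get("name", "")).lower()
        if not name.startswith(VENDOR_PREFIX):
            continue
        files = (pkg.get("autoload") or {}).get("files") or []
        findings.append({
            "origin": origin,
            "name": name,
            "version": pkg.get("version"),
            # Commit the metadata pins; compare it with a known-clean SHA.
            "source_sha": (pkg.get("source") or {}).get("reference"),
            "dist_sha": (pkg.get("dist") or {}).get("reference"),
            "confirmed_repo": name in CONFIRMED,
            "helper_autoloaded": HELPER in {normalize(f) for f in files},
        })
    return findings


def audit_project(root):
    """Audit composer.lock and the vendor tree under a project root (read-only)."""
    root = Path(root)
    findings = []
    for rel in ("composer.lock", "vendor/composer/installed.json"):
        path = root / rel
        if path.is_file():
            doc = json.loads(path.read_text(encoding="utf-8"))
            findings += audit_metadata(doc, rel)
    for finding in findings:
        helper = root / "vendor" / finding["name"] / HELPER
        finding["helper_on_disk"] = helper.is_file()
    return findings


def build_sample(root):
    """Write a constructed project tree (sample data, not real incident values)."""
    root = Path(root)
    flagged = {"name": "laravel-lang/lang", "version": "0.0.1-sample",
               "source": {"type": "git", "reference": "1" * 40},
               "dist": {"type": "zip", "reference": "1" * 40},
               "autoload": {"psr-4": {"Sample\\": "src/"},
                            "files": ["src/helpers.php"]}}
    clean = {"name": "laravel-lang/actions", "version": "0.0.2-sample",
             "source": {"type": "git", "reference": "2" * 40},
             "autoload": {"psr-4": {"Sample\\": "src/"}}}
    other = {"name": "example/unrelated", "version": "1.0.0",
             "autoload": {"files": ["src/helpers.php"]}}  # out of scope
    (root / "vendor/composer").mkdir(parents=True)
    helper_dir = root / "vendor/laravel-lang/lang/src"
    helper_dir.mkdir(parents=True)
    (helper_dir / "helpers.php").write_text("<?php // inert placeholder\n")
    lock = {"packages": [flagged, other], "packages-dev": [clean]}
    (root / "composer.lock").write_text(json.dumps(lock))
    installed = {"packages": [flagged]}
    (root / "vendor/composer/installed.json").write_text(json.dumps(installed))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in audit_project(tmp):
            print(json.dumps(row))
```

Preserve the vendor tree before running any cleanup, and record `source_sha` alongside the CI install time so each install can be mapped to a clean or malicious commit.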
Timeline
- 2026-05-22T22:32:00Z StepSecurity reports the Laravel-Lang tag rewrite window beginning for laravel-lang/lang (StepSecurity).
- 2026-05-22 to 2026-05-23 StepSecurity reports tag rewrites across the four confirmed repositories it analyzed (StepSecurity).
- 2026-05-23 Socket publishes broader Laravel-Lang compromise research covering roughly 700+ historical versions (Socket).
- 2026-05-24 This local feed split created a standalone Laravel-Lang article instead of including it only in a weekly roundup.
What Happened
Attackers gained the ability to rewrite release tags in Laravel-Lang repositories. That matters because Composer users often pin semver tags and assume historical tags are immutable. If a tag is moved, a fresh install can receive a malicious commit while still appearing to satisfy a legitimate version constraint.
The malicious commits added a helper file and autoload registration. StepSecurity’s isolated GitHub Actions detonation showed execution through Composer autoload, staging under /tmp, outbound traffic to flipboxstudio[.]info, and short-lived dropper artifacts (StepSecurity). Socket’s broader analysis connects the Laravel-Lang package set to credential harvesting that targets developer and CI environments (Socket).
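Because a moved tag still satisfies the version constraint, the observable signal is the tag-to-commit mapping changing over time. The script below is an added example, not taken from the cited reports: it compares a previously recorded snapshot with `git ls-remote --tags` output, resolving annotated tags to the commit they point at. The tag names, SHAs and the idea of a stored baseline are assumptions made for the illustration.

```python
import re
import subprocess

TAG_PREFIX = "refs/tags/"
PEEL = "^{}"  # suffix git uses for the commit an annotated tag points at
SHA_RE = re.compile(r"^[0-9a-f]{40}([0-9a-f]{24})?$")  # SHA-1 or SHA-256


def parse_ls_remote(text):
    """Map tag name -> commit SHA from `git ls-remote --tags` output."""
    tags, peeled = {}, set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        sha, ref = parts[0].lower(), parts[1]
        if not SHA_RE.match(sha) or not ref.startswith(TAG_PREFIX):
            continue
        name = ref[len(TAG_PREFIX):]
        if name.endswith(PEEL):
            # Peeled entry: the commit behind an annotated tag always wins.
            name = name[:-len(PEEL)]
            tags[name] = sha
            peeled.add(name)
        elif name not in peeled:
            # Lightweight tag, or the tag-object line of an annotated tag.
            tags[name] = sha
    return tags


def fetch_tags(repo_url):
    """Query a remote for its tags (needs git and network access)."""
    result = subprocess.run(
        ["git", "ls-remote", "--tags", "--", repo_url],
        check=True, capture_output=True, text=True)
    return parse_ls_remote(result.stdout)


def tag_drift(baseline, current):
    """Compare two tag -> commit maps; any moved tag is a rewrite signal."""
    moved = {tag: (baseline[tag], current[tag])
             for tag in baseline
             if tag in current and baseline[tag].lower() != current[tag]}
    return {
        "moved": moved,
        "deleted": sorted(t for t in baseline if t not in current),
        "added": sorted(t for t in current if t not in baseline),
    }


# Constructed sample data: a snapshot taken earlier and a later ls-remote run.
SAMPLE_BASELINE = {"v1.0.0": "a" * 40, "v1.1.0": "b" * 40, "v1.2.0": "c" * 40}
SAMPLE_LS_REMOTE = "\n".join([
    f"{'d' * 40}\trefs/tags/v1.0.0",       # lightweight tag, now elsewhere
    f"{'e' * 40}\trefs/tags/v1.1.0",       # annotated tag object
    f"{'b' * 40}\trefs/tags/v1.1.0^{{}}",  # its commit, unchanged
    f"{'f' * 40}\trefs/tags/v9.9.9",       # tag not in the snapshot
])


def demo():
    """Run the comparison on the constructed sample."""
    return tag_drift(SAMPLE_BASELINE, parse_ls_remote(SAMPLE_LS_REMOTE))


if __name__ == "__main__":
    report = demo()
    for tag, (old, new) in report["moved"].items():
        print(f"MOVED   {tag}: {old} -> {new}")
    for tag in report["deleted"]:
        print(f"DELETED {tag}")
    for tag in report["added"]:
        print(f"ADDED   {tag}")
```

The baseline must hold commit SHAs, not tag-object SHAs, or every annotated tag shows up as moved.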
Technical Analysis
Initial Access
The public reports do not prove the exact initial credential or account compromise path. The observed capability was source-control write access sufficient to rewrite historical tags. StepSecurity notes shared malicious commit characteristics and fake author metadata across the confirmed repositories (StepSecurity).
Package or Artifact Tampering
The malicious artifact adds src/helpers.php and modifies Composer metadata so the file is loaded automatically. This is a high-leverage PHP package tampering method because many Laravel applications load Composer’s autoloader early in process startup.
Execution Trigger
Execution does not require direct use of a Laravel-Lang API. The trigger is vendor/autoload.php, which is routinely loaded by web applications, CLI commands, test runners, and CI jobs (StepSecurity).
Payload Behavior
StepSecurity observed a PHP loader that fetched from flipboxstudio[.]info, wrote hidden temporary files, launched background execution, and then removed artifacts StepSecurity. Socket reports broader collection of cloud metadata, CI/CD tokens, Kubernetes tokens, Vault tokens, browser data, password-manager data, source-control credentials, VPN configs, SSH keys, .env files, and local application configs Socket.
Exfiltration / C2
Known infrastructure includes flipboxstudio[.]info, with /payload and /exfil paths reported in the technical writeups. Treat egress to this domain from PHP, Composer, CI runners, or Laravel application hosts as a high-priority incident.
Propagation
No autonomous worm behavior is confirmed. The propagation path is dependency resolution: any fresh Composer install or update that trusts a rewritten tag can receive the poisoned commit until tags are restored and caches are cleaned.
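A moved tag shows up in version control as a composer.lock change where a package's version string is unchanged but its pinned commit differs. The following added example (not from the original reports) compares two lockfile snapshots for that signature; the lockfile contents, versions and commit ids are constructed, and the `prefix` parameter generalizes the check beyond Laravel-Lang.

```python
import json


def pinned_refs(lock_text):
    """Map package name -> (version, source commit, dist commit) from a composer.lock."""
    lock = json.loads(lock_text)
    refs = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            refs[str(pkg.get("name", "")).lower()] = (
                pkg.get("version", ""),
                (pkg.get("source") or {}).get("reference", ""),
                (pkg.get("dist") or {}).get("reference", ""),
            )
    return refs


def _moved(old_ref, new_ref):
    """True when both snapshots pin a commit and the commits differ."""
    return bool(old_ref) and bool(new_ref) and old_ref != new_ref


def tag_drift(old_lock_text, new_lock_text, prefix="laravel-lang/"):
    """Return packages whose version is unchanged but whose pinned commit moved.

    An ordinary upgrade changes version and commit together. The same version
    resolving to a different commit means the tag was re-pointed upstream.
    """
    old, new = pinned_refs(old_lock_text), pinned_refs(new_lock_text)
    drift = []
    for name in sorted(old.keys() & new.keys()):
        if not name.startswith(prefix):
            continue
        old_ver, old_src, old_dist = old[name]
        new_ver, new_src, new_dist = new[name]
        if old_ver != new_ver:
            continue  # ordinary upgrade or downgrade
        if _moved(old_src, new_src) or _moved(old_dist, new_dist):
            drift.append({
                "package": name,
                "version": new_ver,
                "was": old_src or old_dist,
                "now": new_src or new_dist,
            })
    return drift


def _constructed_lock(entries):
    """Build a minimal lockfile from (name, version, commit) tuples (constructed data)."""
    return json.dumps({
        "packages": [
            {
                "name": name,
                "version": version,
                "source": {"type": "git", "reference": commit},
                "dist": {"type": "zip", "reference": commit},
            }
            for name, version, commit in entries
        ],
        "packages-dev": [],
    })


# Constructed snapshots: the lockfile before and after a fresh dependency resolution.
OLD_LOCK = _constructed_lock([
    ("laravel-lang/lang", "0.0.1-constructed", "1" * 40),
    ("laravel-lang/actions", "0.0.2-constructed", "3" * 40),
    ("example/other", "1.0.0", "5" * 40),
])
NEW_LOCK = _constructed_lock([
    ("laravel-lang/lang", "0.0.1-constructed", "2" * 40),     # same version, new commit
    ("laravel-lang/actions", "0.0.3-constructed", "4" * 40),  # normal upgrade
    ("example/other", "1.0.0", "6" * 40),                     # drift outside the prefix
])

if __name__ == "__main__":
    for item in tag_drift(OLD_LOCK, NEW_LOCK):
        print(item)
```

Feeding it two revisions of a committed composer.lock (for example the versions before and after a dependency update) turns the check into a review gate for any package namespace passed as `prefix`.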
Obfuscation or Evasion
The attack hides in historical tag trust and normal Composer autoload behavior. Runtime evasion includes hidden /tmp paths, background execution, and rapid artifact deletion in the observed detonation StepSecurity.
Affected Assets and Blast Radius
affected_assets:
  ecosystems:
    - "Composer"
    - "Packagist"
  packages:
    - "laravel-lang/lang"
    - "laravel-lang/http-statuses"
    - "laravel-lang/actions"
    - "laravel-lang/attributes"
  versions:
    - "rewritten historical tags reported by StepSecurity"
    - "roughly 700+ affected historical versions reported by Socket"
  repositories:
    - "Laravel-Lang/lang"
    - "Laravel-Lang/http-statuses"
    - "Laravel-Lang/actions"
    - "Laravel-Lang/attributes"
  ci_cd_systems:
    - "GitHub Actions"
    - "Composer-based build pipelines"
  container_images: []
  developer_tools:
    - "Composer"
    - "Laravel applications"
  credentials_at_risk:
    - "GitHub tokens"
    - "CI/CD secrets"
    - "cloud credentials"
    - "Kubernetes tokens"
    - "Vault tokens"
    - "SSH private keys"
    - ".env secrets"
  not_currently_known_to_affect:
    - "Official Laravel framework packages, based on Socket's distinction between Laravel-Lang third-party packages and Laravel framework packages."
Indicators of Compromise
package_versions:
- "laravel-lang/lang rewritten tags"
- "laravel-lang/http-statuses rewritten tags through v3.4.5"
- "laravel-lang/actions rewritten tags through 1.12.2"
- "laravel-lang/attributes rewritten tags"
files:
- "src/helpers.php"
- "composer.json autoload.files"
- "/tmp/.laravel_locale/<12 hex chars>.php"
- "/tmp/.<8 hex chars>"
hashes:
- "2f0ee073c6f29d66188a845592029c9b52528f04"
domains:
- "flipboxstudio[.]info"
urls:
- "hxxps://flipboxstudio[.]info/payload"
- "hxxps://flipboxstudio[.]info/exfil"
ips: []
process_patterns:
- "php -r require vendor/autoload.php followed by orphaned php"
- "sh -c php /tmp/.laravel_locale/<id>.php > /dev/null 2>&1 &"
- "nohup /tmp/.<8 hex chars>"
network_patterns:
- "GET flipboxstudio[.]info/payload"
- "POST flipboxstudio[.]info/exfil"
provenance_signals:
- "Laravel-Lang tags recreated in a tight 2026-05-22 to 2026-05-23 window"
- "unexpected tag author metadata such as Your Name <[email protected]>"
Detection and Hunting
Script: local repository and exported telemetry scope
#!/usr/bin/env python3
import os
import sys
import json
import subprocess
from pathlib import Path

ROOT = sys.argv[1] if len(sys.argv) > 1 else "."
LOG_ROOT = os.environ.get("LOG_ROOT", "")
OUT = Path(os.environ.get("OUT", "hp-laravel-lang-composer-tag-compromise-scope"))
SINCE = "2026-05-22T22:32:00Z"
UNTIL = "2026-05-24T23:59:59Z"
PACKAGES = [
    "laravel-lang/lang",
    "laravel-lang/http-statuses",
    "laravel-lang/actions",
    "laravel-lang/attributes",
]
VERSIONS = [
    "laravel-lang/lang rewritten tags",
    "laravel-lang/http-statuses rewritten tags through v3.4.5",
    "laravel-lang/actions rewritten tags through 1.12.2",
    "laravel-lang/attributes rewritten tags",
]
FILES = [
    "src/helpers.php",
    "composer.json autoload.files",
    # Literal prefix of /tmp/.laravel_locale/<12 hex chars>.php (the scan below is a substring match).
    "/tmp/.laravel_locale/",
    # /tmp/.<8 hex chars> has no literal form, and a bare "/tmp/" selector matches
    # almost any file, so it is not listed here; it needs a pattern match.
]
DOMAINS = [
    "flipboxstudio.info",
]
URLS = [
    "https://flipboxstudio.info/payload",
    "https://flipboxstudio.info/exfil",
]
IPS = []
HASHES = [
    "2f0ee073c6f29d66188a845592029c9b52528f04",
]
PROCESS_PATTERNS = [
    "php -r require vendor/autoload.php followed by orphaned php",
    # Literal prefixes of the patterns whose <id> and <8 hex chars> parts vary per run.
    "sh -c php /tmp/.laravel_locale/",
    "nohup /tmp/.",
]
NETWORK_PATTERNS = [
    "GET flipboxstudio.info/payload",
    "POST flipboxstudio.info/exfil",
]
# Positive signal: repository, lockfile, artifact, process, or network telemetry contains one of the exact incident selectors above.
# Escalation: any match tied to a production build, CI run, deployed asset, or secret-bearing host moves the asset to presumed exposed.
OUT.mkdir(parents=True, exist_ok=True)
indicators_file = OUT / "indicators.txt"

# Collect unique indicators
indicators = set()
for group in [PACKAGES, VERSIONS, FILES, DOMAINS, URLS, IPS, HASHES, PROCESS_PATTERNS, NETWORK_PATTERNS]:
    for val in group:
        if val:
            indicators.add(val)
with open(indicators_file, "w") as f:
    for ind in sorted(indicators):
        f.write(ind + "\n")
print(f"[+] Written unique selectors to {indicators_file}")

# Walk local directory
print(f"[+] Scanning directory: {ROOT} for selectors...")
matches = []
exclude_dirs = {"node_modules", "vendor", "dist", ".git"}
# Skip the output directory as well: by default it sits under ROOT, and
# indicators.txt would otherwise match every selector.
out_resolved = OUT.resolve()
for root, dirs, filenames in os.walk(ROOT):
    dirs[:] = [
        d for d in dirs
        if d not in exclude_dirs and (Path(root) / d).resolve() != out_resolved
    ]
    for filename in filenames:
        filepath = Path(root) / filename
        try:
            content = filepath.read_text(errors="ignore")
            for ind in indicators:
                if ind in content:
                    matches.append(f"{filepath}: found '{ind}'")
        except Exception:
            # Unreadable files (permissions, sockets, broken links) are skipped.
            pass
if matches:
    (OUT / "repository-indicator-matches.txt").write_text("\n".join(matches) + "\n")
    print(f"[!] Found {len(matches)} matches in codebase!")

# Optional Log Scanning
if LOG_ROOT and os.path.exists(LOG_ROOT):
    print(f"[+] Scanning telemetry log directory: {LOG_ROOT}...")
    log_matches = []
    for root, _, filenames in os.walk(LOG_ROOT):
        for filename in filenames:
            filepath = Path(root) / filename
            try:
                content = filepath.read_text(errors="ignore")
                for ind in indicators:
                    if ind in content:
                        log_matches.append(f"{filepath}: found '{ind}'")
            except Exception:
                pass
    if log_matches:
        (OUT / "exported-telemetry-indicator-matches.txt").write_text("\n".join(log_matches) + "\n")
        print(f"[!] Found {len(log_matches)} matches in logs!")

if PACKAGES:
    registry_dir = OUT / "registry"
    registry_dir.mkdir(exist_ok=True)
    for package in PACKAGES:
        if not package:
            continue
        safe_name = package.replace("/", "__")
        print(f"[+] Querying composer show for {package}...")
        try:
            res = subprocess.run(["composer", "show", "--all", package], capture_output=True, text=True)
        except FileNotFoundError:
            # composer is not installed on this host; keep the scan results and stop querying.
            print("[-] composer not found on PATH; skipping registry queries")
            break
        if res.returncode == 0:
            (registry_dir / f"composer-{safe_name}.txt").write_text(res.stdout)
print(f"[+] Wrote scope artifacts under {OUT}")
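The indicators listed under Indicators of Compromise that carry placeholders (<12 hex chars>, <8 hex chars>, <id>) cannot be matched as literal substrings. The following added example, which is not part of the original script, expresses them as regular expressions and runs them over constructed telemetry lines; the log format, host names and hex ids are assumptions.

```python
import re
from collections import defaultdict

# Rules derived from the indicator list on this page. The hex-length
# placeholders become explicit quantifiers, and trailing lookaheads stop a
# longer file name from matching by accident.
RULES = {
    "loader_path": re.compile(r"/tmp/\.laravel_locale/[0-9a-fA-F]{12}\.php(?![\w.])"),
    "dropper_path": re.compile(r"/tmp/\.[0-9a-fA-F]{8}(?![\w.\-/])"),
    "background_loader": re.compile(
        r"php\s+/tmp/\.laravel_locale/[0-9a-fA-F]{12}\.php\s*>\s*/dev/null\s+2>&1\s*&"
    ),
    "nohup_dropper": re.compile(r"\bnohup\s+/tmp/\.[0-9a-fA-F]{8}(?![\w.\-/])"),
    # Accepts the defanged form used in reports and the live form seen in logs,
    # including subdomains, but not look-alike names that merely contain it.
    "c2_domain": re.compile(
        r"(?<![\w-])flipboxstudio(?:\[\.\]|\.)info(?![\w-])(?!\.[A-Za-z])"
        r"(?:/(?:payload|exfil)\b)?",
        re.IGNORECASE,
    ),
}

HOST_RE = re.compile(r"\bhost=(\S+)")

# Constructed telemetry: process, DNS, HTTP and file events in a made-up key=value format.
SAMPLE_TELEMETRY = """\
2026-05-23T01:02:03Z host=ci-runner-01 event=exec cmd="php -r require 'vendor/autoload.php';"
2026-05-23T01:02:04Z host=ci-runner-01 event=exec cmd="sh -c php /tmp/.laravel_locale/0123456789ab.php > /dev/null 2>&1 &"
2026-05-23T01:02:05Z host=ci-runner-01 event=dns query=flipboxstudio.info
2026-05-23T01:02:06Z host=ci-runner-01 event=exec cmd="nohup /tmp/.89abcdef"
2026-05-23T01:02:07Z host=web-02 event=http method=POST url=https://flipboxstudio.info/exfil
2026-05-23T01:02:08Z host=web-03 event=file path=/tmp/.X11-unix/X0
2026-05-23T01:02:09Z host=web-03 event=file path=/tmp/.laravel_locale/README.md
2026-05-23T01:02:10Z host=web-03 event=dns query=notflipboxstudio.info
"""


def hunt(text):
    """Return (hits, hosts).

    hits  : list of (line number, host, rule name, matched text)
    hosts : dict of host -> sorted list of rule names seen on that host
    """
    hits = []
    hosts = defaultdict(set)
    for number, line in enumerate(text.splitlines(), start=1):
        host_match = HOST_RE.search(line)
        host = host_match.group(1) if host_match else "unknown"
        for rule, pattern in RULES.items():
            found = pattern.search(line)
            if found:
                hits.append((number, host, rule, found.group(0)))
                hosts[host].add(rule)
    return hits, {host: sorted(rules) for host, rules in hosts.items()}


if __name__ == "__main__":
    all_hits, by_host = hunt(SAMPLE_TELEMETRY)
    for hit in all_hits:
        print(hit)
    for host, rules in sorted(by_host.items()):
        print(host, rules)
```

The benign lines in the sample (`/tmp/.X11-unix`, a README under `/tmp/.laravel_locale/`, a look-alike domain) show why the bare prefixes are too broad to use as selectors on their own.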
Downstream Abuse Audits
Script: GitHub organization run, release, secret, and workflow audit
#!/usr/bin/env python3
import os
import sys
import json
import subprocess
from pathlib import Path

if "ORG" not in os.environ:
    print("ERROR: Set ORG environment variable to the GitHub organization to audit", file=sys.stderr)
    sys.exit(1)
ORG = os.environ["ORG"]
SINCE = "2026-05-22T22:32:00Z"
UNTIL = "2026-05-24T23:59:59Z"
OUT = Path(os.environ.get("OUT", "hp-laravel-lang-composer-tag-compromise-github-audit"))
SELECTORS = [
    "laravel-lang/lang",
    "laravel-lang/http-statuses",
    "laravel-lang/actions",
    "laravel-lang/attributes",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/[email protected]",
"laravel-lang/lang rewritten tags",
"laravel-lang/http-statuses rewritten tags through v3.4.5",
"laravel-lang/actions rewritten tags through 1.12.2",
"laravel-lang/attributes rewritten tags",
"src/helpers.php",
"composer.json autoload.files",
"/tmp/.laravel_locale/.php",
"/tmp/",
"flipboxstudio.info",
"https://flipboxstudio.info/payload",
"https://flipboxstudio.info/exfil",
"2f0ee073c6f29d66188a845592029c9b52528f04",
]
# Positive signal: a workflow run, release, secret, key, package, or workflow change overlaps the exposure window and references an incident selector.
# Remediation trigger: unauthorized post-exposure write activity or a secret-bearing run matching an incident selector requires token revocation and downstream cloud/registry review.
OUT.mkdir(parents=True, exist_ok=True)
(OUT / "runs").mkdir(exist_ok=True)
(OUT / "logs").mkdir(exist_ok=True)
(OUT / "repos").mkdir(exist_ok=True)
# 1. Write incident-selectors file
selectors_file = OUT / "incident-selectors.txt"
with open(selectors_file, "w") as sf:
for s in SELECTORS:
if s:
sf.write(s + "\n")
# 2. Get list of repos
print(f"[+] Fetching repositories for organization: {ORG}")
repo_res = subprocess.run(["gh", "repo", "list", ORG, "--limit", "1000", "--json", "nameWithOwner"], capture_output=True, text=True)
if repo_res.returncode != 0:
print(f"[-] Failed to fetch repos: {repo_res.stderr}", file=sys.stderr)
sys.exit(1)
repos = [r["nameWithOwner"] for r in json.loads(repo_res.stdout)]
for repo in repos:
safe_repo = repo.replace("/", "__")
print(f"[+] Auditing repository: {repo}")
# Check runs in the window
runs_res = subprocess.run([
"gh", "api", f"/repos/{repo}/actions/runs",
"-f", "per_page=100",
"-f", f"created=>={SINCE}",
"--paginate"
], capture_output=True, text=True)
if runs_res.returncode == 0:
try:
all_runs = json.loads(runs_res.stdout).get("workflow_runs", [])
filtered_runs = [r for r in all_runs if r["created_at"] <= UNTIL]
if filtered_runs:
with open(OUT / "runs" / f"{safe_repo}-runs.jsonl", "w") as rf:
for run in filtered_runs:
rf.write(json.dumps(run) + "\n")
# Fetch log dynamically
run_id = str(run["id"])
log_res = subprocess.run(["gh", "run", "view", run_id, "--repo", repo, "--log"], capture_output=True, text=True)
if log_res.returncode == 0:
(OUT / "logs" / f"{safe_repo}-{run_id}.log").write_text(log_res.stdout)
# Fetch details
view_res = subprocess.run(["gh", "run", "view", run_id, "--repo", repo, "--json", "databaseId,workflowName,headSha,event,createdAt,jobs"], capture_output=True, text=True)
if view_res.returncode == 0:
(OUT / "runs" / f"{safe_repo}-{run_id}.json").write_text(view_res.stdout)
except Exception as e:
print(f"[-] Error parsing runs for {repo}: {e}")
# Check releases in window
subprocess.run(["gh", "api", f"/repos/{repo}/releases", "-f", "per_page=100", "--paginate"], capture_output=True)
# Check repo secrets updated in window
subprocess.run(["gh", "api", f"/repos/{repo}/actions/secrets", "-f", "per_page=100", "--paginate"], capture_output=True)
# Check deploy keys
subprocess.run(["gh", "api", f"/repos/{repo}/keys", "-f", "per_page=100", "--paginate"], capture_output=True)
# Scan output directory for any indicator selector matches
print("[+] Scanning gathered telemetry for indicator matches...")
subprocess.run(["rg", "-n", "--hidden", "--fixed-strings", "-f", str(selectors_file), str(OUT)], capture_output=False)
print(f"[+] Wrote GitHub audit artifacts under {OUT}")
Script: cloud OIDC and deployment credential follow-on audit
#!/usr/bin/env python3
import os
import json
import subprocess
from pathlib import Path

SINCE = "2026-05-22T22:32:00Z"
UNTIL = "2026-05-24T23:59:59Z"
OUT = Path(os.environ.get("OUT", "hp-laravel-lang-composer-tag-compromise-cloud-audit"))
# Tolerate spaces and empty items in a comma-separated AWS_REGIONS value
AWS_REGIONS = [r.strip() for r in os.environ.get("AWS_REGIONS", "us-east-1").split(",") if r.strip()]
# Positive signal: token exchange or privileged write activity occurs in the exposure window from GitHub, CI/CD, package registry, or deployment automation identity.
# Remediation trigger: unexpected write, deploy, IAM, secret, or registry activity tied to an exposed CI/CD path requires trust-policy disablement and credential rotation.
OUT.mkdir(parents=True, exist_ok=True)

# 1. AWS CloudTrail Audit
print("[+] Querying AWS CloudTrail for Web Identity token exchanges...")
aws_events = []
for region in AWS_REGIONS:
    res = subprocess.run([
        "aws", "cloudtrail", "lookup-events",
        "--region", region,
        "--start-time", SINCE,
        "--end-time", UNTIL,
        "--lookup-attributes", "AttributeKey=EventName,AttributeValue=AssumeRoleWithWebIdentity",
        "--output", "json"
    ], capture_output=True, text=True)
    if res.returncode == 0:
        try:
            events = json.loads(res.stdout).get("Events", [])
            for event in events:
                ct = json.loads(event.get("CloudTrailEvent", "{}"))
                ct["region"] = region
                aws_events.append(ct)
        except Exception as e:
            print(f"[-] Error parsing AWS CloudTrail events: {e}")
if aws_events:
    with open(OUT / "aws-assume-role-with-web-identity.jsonl", "w") as f:
        for ev in aws_events:
            f.write(json.dumps(ev) + "\n")
    # Audit follow-on events for returned access keys
    for ev in aws_events:
        # responseElements is null for a denied exchange, so guard each level
        credentials = (ev.get("responseElements") or {}).get("credentials") or {}
        access_key = credentials.get("accessKeyId")
        region = ev.get("region", "us-east-1")
        if access_key:
            print(f"[+] Enumerating AWS events for AccessKey: {access_key}")
            f_res = subprocess.run([
                "aws", "cloudtrail", "lookup-events",
                "--region", region,
                "--start-time", SINCE,
                "--end-time", UNTIL,
                "--lookup-attributes", f"AttributeKey=AccessKeyId,AttributeValue={access_key}",
                "--output", "json"
            ], capture_output=True, text=True)
            if f_res.returncode == 0:
                try:
                    f_events = json.loads(f_res.stdout).get("Events", [])
                    with open(OUT / "aws-follow-on-api-calls.jsonl", "a") as ff:
                        for fe in f_events:
                            ff.write(fe.get("CloudTrailEvent", "{}") + "\n")
                except Exception as e:
                    print(f"[-] Error writing follow-on events: {e}")

# 2. Azure Activity Log Audit
print("[+] Querying Azure activity logs...")
az_res = subprocess.run([
    "az", "monitor", "activity-log", "list",
    "--start-time", SINCE,
    "--end-time", UNTIL,
    "--query", "[?contains(operationName.value, 'write') || contains(operationName.value, 'delete') || contains(operationName.value, 'Microsoft.ManagedIdentity')]",
    "-o", "json"
], capture_output=True, text=True)
if az_res.returncode == 0:
    (OUT / "azure-write-delete-activity.json").write_text(az_res.stdout)

# 3. GCP Logging Audit
print("[+] Querying GCP Cloud Logging...")
gcp_filter = f'timestamp>="{SINCE}" AND timestamp<="{UNTIL}" AND (protoPayload.methodName="google.sts.v1.SecurityTokenService.ExchangeToken" OR protoPayload.methodName:"GenerateAccessToken" OR protoPayload.methodName:"CreateServiceAccountKey" OR protoPayload.methodName:"SetIamPolicy")'
gcp_res = subprocess.run([
    "gcloud", "logging", "read", gcp_filter,
    "--format", "json"
], capture_output=True, text=True)
if gcp_res.returncode == 0:
    (OUT / "gcp-token-and-iam-activity.json").write_text(gcp_res.stdout)
print(f"[+] Wrote cloud audit artifacts under {OUT}")
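The cloud audit script collects events but leaves its "positive signal" and "remediation trigger" comments for the analyst to apply. The added example below (not part of the original page) links each in-window GitHub OIDC exchange to the calls made with the credentials it issued and flags writes and sensitive-service calls. The sample records are constructed, and the issuer host, the sensitive-service set, and the CloudTrail field names used (`readOnly`, `userIdentity.identityProvider`, `userIdentity.userName`) are assumptions.

```python
import json
from datetime import datetime, timezone

SINCE = "2026-05-22T22:32:00Z"  # exposure window used by the audit scripts on this page
UNTIL = "2026-05-24T23:59:59Z"
GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"  # assumption: GitHub Actions issuer
# Assumption: services treated as sensitive even for read-only calls (IAM, secrets, registry).
SENSITIVE_SOURCES = {"iam.amazonaws.com", "secretsmanager.amazonaws.com", "ecr.amazonaws.com"}


def parse_time(value):
    """Parse a CloudTrail eventTime (UTC, 'Z' suffix); return None if malformed."""
    try:
        return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        return None


def load_jsonl(text):
    """Parse JSONL text, skipping blank or malformed lines instead of aborting."""
    records = []
    for line in text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(record, dict):
            records.append(record)
    return records


def triage(exchanges, follow_on, since=SINCE, until=UNTIL):
    """Link each in-window GitHub OIDC exchange to the calls made with its credentials."""
    start, end = parse_time(since), parse_time(until)
    calls_by_key = {}
    for call in follow_on:
        key = (call.get("userIdentity") or {}).get("accessKeyId")
        if key:
            calls_by_key.setdefault(key, []).append(call)

    findings = []
    for event in exchanges:
        when = parse_time(event.get("eventTime"))
        identity = event.get("userIdentity") or {}
        # responseElements is null when the exchange was denied, so guard every level.
        creds = (event.get("responseElements") or {}).get("credentials") or {}
        key = creds.get("accessKeyId")
        if (event.get("eventName") != "AssumeRoleWithWebIdentity"
                or when is None or not start <= when <= end
                or GITHUB_OIDC_HOST not in (identity.get("identityProvider") or "")
                or not key):
            continue  # out of scope, or no credentials were issued to follow
        flagged = sorted({
            f'{call.get("eventSource")}:{call.get("eventName")}'
            for call in calls_by_key.get(key, [])
            # Anything not explicitly read-only counts as a write; sensitive services always count.
            if call.get("readOnly") is not True or call.get("eventSource") in SENSITIVE_SOURCES
        })
        findings.append({
            "subject": identity.get("userName"),  # OIDC sub claim, e.g. repo:<org>/<repo>:ref:...
            "role": (event.get("requestParameters") or {}).get("roleArn"),
            "access_key": key,
            "flagged_calls": flagged,
            "action": "rotate" if flagged else "review",
        })
    return findings


def sample_exchange(time, repo, key, denied=False):
    """Build one constructed AssumeRoleWithWebIdentity record (not real telemetry)."""
    return {
        "eventTime": time, "eventName": "AssumeRoleWithWebIdentity",
        "userIdentity": {
            "type": "WebIdentityUser",
            "identityProvider": f"arn:aws:iam::111122223333:oidc-provider/{GITHUB_OIDC_HOST}",
            "userName": f"repo:example-org/{repo}:ref:refs/heads/main"},
        "requestParameters": {"roleArn": f"arn:aws:iam::111122223333:role/{repo}-deploy"},
        "responseElements": None if denied else {"credentials": {"accessKeyId": key}},
    }


def sample_call(key, source, name, read_only):
    """Build one constructed follow-on API call record (not real telemetry)."""
    return {"eventTime": "2026-05-23T01:15:00Z", "eventSource": source, "eventName": name,
            "readOnly": read_only, "userIdentity": {"accessKeyId": key}}


SAMPLE_EXCHANGES = "\n".join(json.dumps(e) for e in [
    sample_exchange("2026-05-23T01:10:00Z", "shop", "ASIAEXAMPLE0000000001"),
    sample_exchange("2026-05-23T02:00:00Z", "docs", "ASIAEXAMPLE0000000002"),
    sample_exchange("2026-05-23T03:00:00Z", "blog", None, denied=True),
    sample_exchange("2026-05-20T09:00:00Z", "old", "ASIAEXAMPLE0000000003"),  # before the window
])
SAMPLE_FOLLOW_ON = "\n".join(json.dumps(e) for e in [
    sample_call("ASIAEXAMPLE0000000001", "s3.amazonaws.com", "GetObject", True),
    sample_call("ASIAEXAMPLE0000000001", "iam.amazonaws.com", "CreateAccessKey", False),
    sample_call("ASIAEXAMPLE0000000001", "secretsmanager.amazonaws.com", "GetSecretValue", True),
    sample_call("ASIAEXAMPLE0000000002", "s3.amazonaws.com", "GetObject", True),
    sample_call("ASIAEXAMPLE0000000003", "s3.amazonaws.com", "PutObject", False),
])

if __name__ == "__main__":
    for finding in triage(load_jsonl(SAMPLE_EXCHANGES), load_jsonl(SAMPLE_FOLLOW_ON)):
        print(json.dumps(finding))
```

To run it on real output, pass the contents of `aws-assume-role-with-web-identity.jsonl` and `aws-follow-on-api-calls.jsonl` through `load_jsonl` in place of the sample strings.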
Script: registry metadata and artifact audit
#!/usr/bin/env python3
import os
import json
import subprocess
from pathlib import Path
SINCE = "2026-05-22T22:32:00Z"
OUT = Path(os.environ.get("OUT", "hp-laravel-lang-composer-tag-compromise-registry-audit"))
PACKAGES = [
"laravel-lang/lang",
"laravel-lang/http-statuses",
"laravel-lang/actions",
"laravel-lang/attributes",
]
VERSIONS = [
"laravel-lang/lang rewritten tags",
"laravel-lang/http-statuses rewritten tags through v3.4.5",
"laravel-lang/actions rewritten tags through 1.12.2",
"laravel-lang/attributes rewritten tags",
]
# Positive signal: registry metadata, package tarballs, or cached artifacts contain the exact affected package/version values.
# Remediation trigger: any internal package cache, build artifact, or deployment using these package/version values requires exposure scoping.
OUT.mkdir(parents=True, exist_ok=True)
with open(OUT / "affected-versions.txt", "w") as av:
    for version in VERSIONS:
        if version:
            av.write(version + "\n")

# 1. Audit Composer dependencies in project files
# Note: rg matches these strings literally, while composer.lock stores each package's name and version in separate fields.
print("[+] Scanning Composer lockfiles...")
for file in ["composer.lock", "composer.json"]:
    if Path(file).exists():
        subprocess.run(["rg", "-n", "--hidden", "--fixed-strings", "-f", str(OUT / "affected-versions.txt"), file])

# 2. Query composer metadata
metadata_dir = OUT / "metadata"
metadata_dir.mkdir(exist_ok=True)
for package in PACKAGES:
    if not package:
        continue
    safe_name = package.replace("/", "__")
    print(f"[+] Querying composer show for {package}...")
    res = subprocess.run(["composer", "show", "--all", package], capture_output=True, text=True)
    if res.returncode == 0:
        (metadata_dir / f"composer-{safe_name}.txt").write_text(res.stdout)

# 3. HOW TO REVOKE AND ROTATE EXPOSED COMPOSER/PACKAGIST TOKENS:
# Packagist API tokens are managed via the web console.
#   1. Log in to https://packagist.com/ or https://packagist.org/ and click "Revoke" on compromised tokens.
#   2. Generate a new token and update your composer config locally or in CI/CD:
#      subprocess.run(["composer", "config", "--global", "github-oauth.github.com", "my-new-token"])
#      subprocess.run(["gh", "secret", "set", "COMPOSER_AUTH", "--body", '{"github-oauth": {"github.com": "my-new-token"}}'])
print(f"[+] Wrote registry audit artifacts under {OUT}")
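A rewritten tag keeps its version string while pointing at a different commit, so comparing lockfiles exposes it directly. The following added example (not part of the original page or of StepSecurity's or Socket's tooling) parses composer.lock and, for the four affected packages, flags an autoload.files entry for src/helpers.php and any commit reference that changed under an unchanged version. The sample lock data, the version string and the commit references are constructed placeholders.

```python
import json

# Package names taken from the PACKAGES list in the script above.
AFFECTED_PACKAGES = {
    "laravel-lang/lang",
    "laravel-lang/http-statuses",
    "laravel-lang/actions",
    "laravel-lang/attributes",
}
# File the page lists as an indicator when registered in autoload.files.
SUSPECT_AUTOLOAD_FILE = "src/helpers.php"


def locked_packages(lock_text):
    """Map package name -> lock entry for both 'packages' and 'packages-dev'."""
    lock = json.loads(lock_text)
    entries = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name = str(pkg.get("name", "")).lower()
            if name:
                entries[name] = pkg
    return entries


def reference(pkg):
    """Commit the lock pins: source.reference, falling back to dist.reference."""
    src = (pkg.get("source") or {}).get("reference")
    dist = (pkg.get("dist") or {}).get("reference")
    return src or dist


def audit_lock(current_text, baseline_text=None):
    """Report every affected package in the current lock, with reasons to escalate."""
    current = locked_packages(current_text)
    baseline = locked_packages(baseline_text) if baseline_text else {}
    findings = []
    for name in sorted(current):
        if name not in AFFECTED_PACKAGES:
            continue
        pkg = current[name]
        reasons = []
        autoload = pkg.get("autoload")
        files = autoload.get("files") or [] if isinstance(autoload, dict) else []
        if SUSPECT_AUTOLOAD_FILE in files:
            reasons.append("autoload.files registers src/helpers.php")
        old = baseline.get(name)
        if old and old.get("version") == pkg.get("version") and reference(old) != reference(pkg):
            reasons.append("same version, different commit reference")
        findings.append({"package": name, "version": pkg.get("version"),
                         "reference": reference(pkg), "reasons": reasons})
    return findings


def _lock(packages):
    return json.dumps({"packages": packages, "packages-dev": []})


# Constructed sample data: placeholder version and commit references.
SAMPLE_BASELINE = _lock([
    {"name": "laravel-lang/lang", "version": "0.0.0-example",
     "source": {"type": "git", "reference": "a" * 40}, "autoload": {"psr-4": {}}},
    {"name": "laravel-lang/actions", "version": "0.0.0-example",
     "source": {"type": "git", "reference": "c" * 40}, "autoload": {"psr-4": {}}},
    {"name": "example/unrelated", "version": "1.0.0",
     "source": {"type": "git", "reference": "d" * 40}},
])
SAMPLE_CURRENT = _lock([
    {"name": "laravel-lang/lang", "version": "0.0.0-example",
     "source": {"type": "git", "reference": "b" * 40},
     "autoload": {"psr-4": {}, "files": ["src/helpers.php"]}},
    {"name": "laravel-lang/actions", "version": "0.0.0-example",
     "source": {"type": "git", "reference": "c" * 40}, "autoload": {"psr-4": {}}},
    {"name": "example/unrelated", "version": "1.0.0",
     "source": {"type": "git", "reference": "e" * 40}},
])

if __name__ == "__main__":
    for finding in audit_lock(SAMPLE_CURRENT, SAMPLE_BASELINE):
        print(finding)
```

For the baseline, use a composer.lock taken from version control at a commit that predates the rewrite window.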
Sources
- StepSecurity: Laravel-Lang Supply Chain Attack - Role: PRIMARY_RESEARCH - Impact: Provides confirmed repositories, tag rewrite timing, detonation behavior, process tree, network activity, and IOCs.
- Socket: Laravel Lang Compromised with RCE Backdoor Across 700+ Versions - Role: PRIMARY_RESEARCH - Impact: Documents broader package scope, Composer autoload execution, payload behavior, credential targets, and remediation guidance.
IOC Clipboard
8 IOCs
- flipboxstudio[.]info
- hxxps://flipboxstudio[.]info/payload
- hxxps://flipboxstudio[.]info/exfil
- 2f0ee073c6f29d66188a845592029c9b52528f04
- src/helpers.php
- composer.json autoload.files
- /tmp/.laravel_locale/.php
- /tmp/