Several Laravel-Lang PHP packages were compromised in a supply chain attack that delivered a cross-platform credential stealer to developers. The malicious packages, which are commonly used for language localization in Laravel applications, were modified to steal sensitive credentials from infected systems. This latest incident highlights the ongoing security risks in open-source software repositories where attackers target popular packages to distribute malware to large numbers of developers and their applications.