Laravel is a technology platform tracked across 5 threat clusters and 5 intelligence report mentions on ThreatCluster. First observed October 29, 2025; most recent activity June 3, 2026.
Laravel is a popular PHP web application framework used to build modern web apps, known for its elegant syntax and rich ecosystem. In cybersecurity terms, misconfigurations, outdated packages, and insecure deployments of Laravel can create entry points for attacks, making Laravel deployments a notable surface area in cloud-targeted threats.
A critical CRLF injection vulnerability in the Laravel framework, tracked as CVE-2026-48019, could allow attackers to manipulate outbound email processing in affected applications. This flaw affects Laravel versions up…
A supply chain attack has compromised OphimCMS, a Vietnamese-language Laravel CMS, through six malicious Composer packages published on Packagist. These packages, disguised as legitimate themes, contain trojanized…
A supply chain attack has targeted the PHP developer community via Packagist, where threat actor nhattuanbl published malicious packages disguised as Laravel utility libraries. These packages contain a fully functional…
Cybersecurity researchers report a rise in attacks targeting PHP servers, IoT devices, and cloud gateways. Botnets like Mirai, Gafgyt, and Mozi are exploiting known vulnerabilities and cloud misconfigurations to expand…
Cybersecurity researchers report a significant increase in attacks on PHP servers, IoT devices, and cloud gateways, driven by botnets such as Mirai, Gafgyt, and Mozi. These botnets exploit known vulnerabilities and…