Packagist is a technology platform tracked across 5 threat clusters and 8 intelligence report mentions on ThreatCluster. First observed March 4, 2026; most recent activity July 3, 2026.
On May 22, 2026, a supply chain attack targeted Laravel Lang localization packages, compromising 233 versions across four repositories. Attackers exploited GitHub's version tagging system to redirect legitimate tags to…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
A recent change in GitHub's token format has led to a security vulnerability in Composer, exposing sensitive GitHub authentication tokens in CI/CD logs. This flaw affects PHP developers globally, as the outdated…
A supply chain attack has compromised OphimCMS, a Vietnamese-language Laravel CMS, through six malicious Composer packages published on Packagist. These packages, disguised as legitimate themes, contain trojanized…
A supply chain attack has targeted the PHP developer community via Packagist, where threat actor nhattuanbl published malicious packages disguised as Laravel utility libraries. These packages contain a fully functional…