Laravel Lang packages hijacked to deploy credential-stealing malware

A threat actor hijacked several popular Laravel language packages on Packagist to deploy credential-stealing malware. The compromised packages, including 'laravel/lang' and others, contained malicious code that exfiltrated environment files and sensitive data. Users who recently installed updates are advised to rotate all secrets and credentials.