> TritonInfoSec News
Home / May 24, 2026 / Story
0
#3 Ars Technica Security general May 22, 2026 at 10:30 UTC

A hacker group is poisoning open source code at an unprecedented scale

By Andy Greenberg and Lily Hay Newman, WIRED.com

AI Summary

Threat group TeamPCP has been executing software supply chain attacks at an unprecedented scale, with GitHub being the latest platform targeted. The campaign spans multiple ecosystems including Packagist (8 packages compromised) and Laravel-Lang PHP packages, with malicious Linux binaries distributed via GitHub Releases URLs and credential-stealing frameworks injected into package.json files rather than composer.json to evade detection. Developers using Laravel-Lang packages — including laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions — should audit their dependencies immediately.

Read full article → https://arstechnica.com/information-technology/202…

Relevance score: 85.0/100

# More from May 24

  1. 1
    LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root The Hacker News
  2. 2
    Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV The Hacker News
  3. 4
    Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack SecurityWeek
  4. 5
    ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested SecurityWeek
  5. 6
    US and Canada arrest and charge suspected Kimwolf botnet admin BleepingComputer
  6. 7
    CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV The Hacker News
  7. 8
    CISA Security Leak Schneier on Security
  8. 9
    FBI warns about fast-growing phishing kit targeting Microsoft 365 users CyberScoop
  9. 10
    China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts. Dark Reading