Black & White Path

May 26, 2026 · Information Security

How Attackers Rewrote 700+ Laravel Git Tags to Steal CI/CD Secrets

On the night of May 22 2026, an attacker with organization-level push credentials force-pushed every tag of four Laravel-Lang packages to a malicious fork, exploited Composer's files autoload to run a three-second payload, and exfiltrated cloud and CI/CD secrets, prompting a detailed forensic analysis and remediation guide.