bug-bounty536
xss296
rce173
google145
bragging-post121
exploit121
account-takeover120
facebook117
privilege-escalation105
malware99
open-source98
microsoft97
authentication-bypass95
csrf87
cve80
access-control77
stored-xss75
web-security68
ai-agents68
writeup66
reflected-xss63
phishing62
ssrf55
input-validation55
reverse-engineering53
information-disclosure53
sql-injection51
api-security51
apple49
smart-contract49
cross-site-scripting49
defi48
privacy47
tool46
ethereum45
ai-security44
vulnerability-disclosure44
browser39
credential-theft39
web-application38
llm38
web337
burp-suite37
automation37
opinion37
remote-code-execution37
race-condition36
lfi36
supply-chain35
authentication35
0
3/10
Three malicious PHP packages on Packagist disguised as Laravel utilities were discovered distributing a cross-platform remote access trojan (RAT) capable of compromising Windows, macOS, and Linux systems. The packages—lara-helper, simple-queue, and lara-swagger—achieved limited distribution (29-49 downloads each) before being flagged by security researchers.
supply-chain-attack
malicious-package
packagist
php
laravel
rat
remote-access-trojan
cross-platform
malware
windows
macos
linux
Packagist
Laravel
nhattuanbl/lara-helper
nhattuanbl/simple-queue
nhattuanbl/lara-swagger