Supply Chain Hack Steals Dev Creds + 600K Gov Records Exposed 🔓

Two major security stories broke today that every developer and organization should know about — one targeting the open-source software supply chain, and one revealing a suspected state-sponsored data theft from a European government.

🧨 Hackers Quietly Poisoned a Popular Developer Package — and Stole Everything

If you build web apps with PHP's Laravel framework, listen up. Attackers managed to compromise 233 versions of the widely used laravel-lang package (which has 7,800+ stars on GitHub) by hijacking the package's version tags and redirecting them to attacker-controlled code, without ever touching the official repository. Anyone who pulled in an affected version unknowingly ran a hidden credential stealer on their own server.

What did the malware steal? Pretty much everything: cloud service credentials, SSH private keys, saved passwords from browsers, crypto wallet files, and even authentication tokens from apps like Slack and Discord. The stolen data was encrypted and quietly sent to an attacker-controlled server, then the malware deleted itself to cover its tracks.

If your team uses Laravel, you should immediately audit your Composer dependencies for affected versions, block the domain flipboxstudio[.]info at your firewall, and rotate any credentials that may have been exposed on affected systems.
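One way to do the Composer audit, as an added example that is not from the original article or the laravel-lang project: it reads a composer.lock, lists every laravel-lang entry with the commit it was pinned to, and flags entries that appear on an affected-version list or whose pinned commit differs from one you verified yourself. The `laravel-lang/` vendor prefix is an assumption, and the package names, versions and hashes in the sample are constructed placeholders; take the real affected list from a published advisory.

```python
import json

VENDOR_PREFIX = "laravel-lang/"  # assumption: Composer vendor prefix of the package

def audit_lock(lock_text, affected, trusted_refs=None):
    """List laravel-lang entries in a composer.lock and flag the suspect ones.

    affected:     {package name: set of affected versions} from a published advisory
    trusted_refs: {(name, version): commit SHA} that you verified independently
    """
    trusted_refs = trusted_refs or {}
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name = pkg.get("name", "").lower()
            if not name.startswith(VENDOR_PREFIX):
                continue
            version = pkg.get("version", "")
            # The lock file pins the commit that was actually installed, which
            # matters here because the tags themselves were repointed.
            ref = (pkg.get("source") or {}).get("reference") \
                or (pkg.get("dist") or {}).get("reference")
            reasons = []
            if version.lstrip("v") in affected.get(name, set()):
                reasons.append("version on affected list")
            good = trusted_refs.get((name, version))
            if good and ref != good:
                reasons.append("pinned commit differs from trusted commit")
            findings.append({"package": name, "version": version, "section": section,
                             "reference": ref, "reasons": reasons})
    return findings

# Constructed sample input: names, versions and hashes below are placeholders.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel-lang/example", "version": "v1.2.3",
         "source": {"type": "git", "reference": "a" * 40}},
        {"name": "laravel/framework", "version": "v11.0.0",
         "source": {"type": "git", "reference": "b" * 40}},
    ],
    "packages-dev": [
        {"name": "laravel-lang/example-dev", "version": "2.0.0",
         "dist": {"type": "zip", "reference": "c" * 40}},
    ],
})
AFFECTED = {"laravel-lang/example": {"1.2.3"}}               # placeholder
TRUSTED = {("laravel-lang/example-dev", "2.0.0"): "d" * 40}  # placeholder

if __name__ == "__main__":
    for f in audit_lock(SAMPLE_LOCK, AFFECTED, TRUSTED):
        print(f["package"], f["version"], f["reference"], f["reasons"] or "no match")
```

Any host that installed a flagged entry should be treated as exposed for the purposes of the credential rotation described above.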

🇱🇹 600,000 Government Records Stolen — Including Addresses of Spies and Diplomats

Lithuanian authorities have confirmed a major data breach: over 600,000 entries from national government registries were stolen by what officials believe was a foreign state actor. The leaked data came from real estate and business registers — but buried within it are the home addresses of intelligence officers, military personnel, diplomats, and politicians.

The attackers gained access not by breaking through technical defenses, but by using the legitimate login credentials of authorized institutions — a classic case of credential-based intrusion that bypasses many traditional security controls. When government data of this sensitivity leaks, the consequences go beyond embarrassment: exposing the whereabouts of intelligence and military staff creates real physical safety risks.

This breach is a reminder that even well-resourced government systems are vulnerable when credential security is weak — and that the stakes of a breach aren't always just financial. Nation-state cyber operations are increasingly targeting civil infrastructure to harvest intelligence.

Stay ahead of threats with GOCO Security at gocosecurity.com
