The Point:
Security researchers have discovered a large-scale supply chain attack on multiple PHP packages of the Laravel-Lang project. Over 700 manipulated versions were distributed to deploy a comprehensive credential-stealing framework on Windows, Linux, and macOS.