unknown

Multiple Laravel sites were compromised through a likely Livewire RCE vulnerability (CVE-2025-54068, affecting versions 3.x < 3.6.4). Attackers exploited improper serialized data handling during component hydration to place PHP backdoors in the public/ directory, implement Google-only redirects for SEO cloaking, and deploy cryptominers. The attack bypasses Laravel's routing and middleware by executing files directly from the public folder. Immediate mitigation requires upgrading Livewire to 3.6.4+, securing APP_KEY, locking public/ directory permissions, hunting for compromised files, and potentially rebuilding affected servers.

Laravel Sites Hacked: Public Folder Backdoors, Google-Only Redirects, and CPU Cryptomining (Likely via Livewire RCE)

Tech explorations that can provide seeds for thoughts. 
Let's become better developers together.
Share your tech explorations here

Tech explorations

<p>OMG… Direct Execution is power and weakness of PHP.</p>
