Blog & Insights — ScriptWalker

2026.05.25 · 147 views

Laravel-Lang: Every Git Tag, Rewritten — The 15-Minute Supply Chain Attack That Backdoored 700+ Versions Of A Package Half The Laravel World Has Installed

On May 22 an attacker with push access to the Laravel-Lang GitHub organization did not commit malicious code. They rewrote every existing git tag in four popular Composer packages to point at a new malicious commit — meaning every previously safe version constraint became unsafe overnight. What happened, why this attack class breaks Composer's normal defenses, and the exact lockdown checklist every Laravel team needs to run this week.

Microsoft Just Made The Vision-Reasoning Agent A First-Class Citizen Of Every Power Platform Tenant — And It Quietly Solved The Legacy-ERP Automation Problem

AI & Automation

2026.05.25 · 246 views

Microsoft Just Made The Vision-Reasoning Agent A First-Class Citizen Of Every Power Platform Tenant — And It Quietly Solved The Legacy-ERP Automation Problem

Computer-Using Agents (CUA) in Copilot Studio are now generally available in every commercial geography, with Claude Sonnet 4.5 and OpenAI's CUA model side-by-side. The end of selector-based RPA, the start of "the agent does what a person would do," and the practical playbook for PHP/Flutter shops who suddenly have a path to automate the screens nobody could automate before.

Flutter's GenUI SDK Goes Public On A2UI v0.9 — The Day Static App Screens Stopped Being The Only Option

Web Development

2026.05.25 · 139 views

Flutter's GenUI SDK Goes Public On A2UI v0.9 — The Day Static App Screens Stopped Being The Only Option

Why Flutter 3.44's "Generative UI" release is the first time a major mobile framework has shipped a protocol-backed way for AI agents to draw real, interactive widgets — not markdown, not chips, real widgets — into your app, and what Laravel/Flutter shops should rip out of their roadmap and try this week.

The Laravel-Lang Supply-Chain Storm: 233 Versions, 700 Repos, 15 Minutes — Why Composer Tag-Rewrite Is The New Class Of Attack

Cybersecurity

2026.05.24 · 126 views

The Laravel-Lang Supply-Chain Storm: 233 Versions, 700 Repos, 15 Minutes — Why Composer Tag-Rewrite Is The New Class Of Attack

A single push-access compromise on a popular community-maintained PHP localization org has produced a credential stealer that runs on every web request handled by the application. If you have ever installed laravel-lang/lang, rotate your secrets before you finish reading this.

Agentforce Coworker Just Made Every Salesforce Search Bar Into An AI Teammate — Here's What CRM-Adjacent Devs Need To Know

AI & Automation

2026.05.24 · 139 views

Agentforce Coworker Just Made Every Salesforce Search Bar Into An AI Teammate — Here's What CRM-Adjacent Devs Need To Know

Salesforce shipped its biggest CRM UX change in a decade this weekend, hidden inside a humble search box. For agencies whose clients touch Salesforce, Slack, Teams, or ChatGPT, the integration window opens now.

Flutter 3.44 + Dart 3.12: Agentic Hot Reload Turns Your AI Coding Agent Into A Live-Debugging Pair Programmer

Web Development

2026.05.24 · 179 views

Flutter 3.44 + Dart 3.12: Agentic Hot Reload Turns Your AI Coding Agent Into A Live-Debugging Pair Programmer

Google I/O 2026 quietly shipped the most consequential AI-native developer feature of the year — and Laravel/PHP teams who target Flutter web should reshuffle their roadmap this week to integrate it.

Internal Tools & Admin Panel Build Service: The Operations Backbone Most SMBs Try To Build In Excel And End Up Regretting

Services

2026.05.23 · 123 views

Internal Tools & Admin Panel Build Service: The Operations Backbone Most SMBs Try To Build In Excel And End Up Regretting

A 4–8 week engagement to turn your team's "spreadsheet + Slack + email" workflow into a permissioned, auditable, internal web tool. What we build, how we scope it, what we hand over.

Panasonic Avionics Joins Grafana On The CoinbaseCartel Leak Site — The GitHub-Token Era Of Extortion Is Now The Dominant Web-Attack Pattern Of 2026

Cybersecurity

2026.05.23 · 439 views

Panasonic Avionics Joins Grafana On The CoinbaseCartel Leak Site — The GitHub-Token Era Of Extortion Is Now The Dominant Web-Attack Pattern Of 2026

A pure-extortion crew, no encryption, no PoC, no malware — just a stolen privileged token, a quiet codebase download, and a ransom note. Seven days after Grafana refused to pay, Panasonic Avionics is on the same wall. Here's the detection stack, the GitHub-token hygiene posture, and the Laravel-stack mitigations to deploy this week.

Chrome's Modern Web Guidance: Google Just Shipped The "Skills File" That Tells AI Coding Agents How To Write Web Code Properly

Web Development

2026.05.23 · 325 views

Chrome's Modern Web Guidance: Google Just Shipped The "Skills File" That Tells AI Coding Agents How To Write Web Code Properly

128 web platform features, 100+ expert-verified use cases, distributed via npm, and a measured 37-point jump in best-practice adherence when a generic coding agent is wired up to it. For Laravel/Flutter teams that rely on Claude Code, Cursor, or Copilot, this is the next-most-consequential I/O 2026 release after WebMCP.