Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...

Developer-Written AGENTS.md Lifts Results 4% but Raises Cost

ETH Zurich tests AGENTS.md and context files on 438 tasks, finding developer-written notes raise performance about 4% while increasing spend ...
Mirage News

WHO Unveils New Health Equity Data and Toolkit

WHO has released updated versions of two key resources as part of the Health Inequality Monitor to strengthen data accessibility and usability for ...

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...
TechJuice

Researchers Claim Malicious Repositories Turn Claude Code Into an Ideal Hacker’s Tool

Security researchers disclose critical vulnerabilities in Anthropic’s Claude Code that allow remote code execution and credential theft.

Anthropic Claude Code's security flaws expose devices to silent hacking, triggered from remote code execution; claims report

Security experts have identified three critical vulnerabilities in Anthropic's Claude Code, potentially allowing remote code ...
InfoWorld

Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors

Attackers used “technical assessment” projects with repeatable naming conventions to blend in cloning and build workflows, ...

Bitcoin Took Its First Step Against Quantum Computers

The Bitcoin network took its first step towards quantum-computing resistance with the addition of BIP 360 to its repository.

CyberStrikeAI tool adopted by hackers for AI-powered attacks

Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet ...