Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
The Register on MSN

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...

When AI Systems Can Act, Prompt Injection Becomes A Security Risk

The moment an AI system can read internal systems, trigger workflows, move money, send emails, update records or approve actions, the risk profile changes.