The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...
CSO Online

Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors

Attackers used “technical assessment” projects with repeatable naming conventions to blend in cloning and build workflows, retrieving loader scripts from remote infrastructure, and minimizing on-disk ...

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
GitHub

Bomb Chip Script - Auto Win, God Mode, GamePass

Welcome to the ultimate bomb chip script solution for enhancing your Roblox gaming experience! This powerful automation tool revolutionizes how you play by providing advanced features like auto-win ...
Nigerian CommunicationWeek on MSN

Firm identifies RenEngine loader distributed through pirated games and software

Kaspersky Threat Research has revealed its analysis of RenEngine, a malware loader that has recently gained public attention. Kaspersky identified RenEngine samples as early as March 2025, with its ...
GitHub

Cstolborg/corp-bond-data

This project provides a Julia-based pipeline for processing U.S. corporate bond market data from TRACE (2002-2024), transforming raw trading records into analysis-ready datasets with computed risk ...