Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...
SecurityWeek

‘Arkanix Stealer’ Malware Disappears Shortly After Debut

The Arkanix Stealer malware can collect and exfiltrate system information, browser data, VPN information, and arbitrary files ...
SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.

Fake CAPTCHA attacks exploded by 563% last year: How to spot them and stay safe online

You might not think of a CAPTCHA check as a cybercrime lure, but if you fall prey to one, you may become infected with malware. Learn how to spot them with our guide.

Amazon says Russian-speaking hacker used AI to hit one of world's most deployed network firewalls in 5 weeks

Amazon Threat Intelligence has revealed that a single “unsophisticated” attacker has compromised more than 600 organisations ...