Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
The Register on MSN

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Make Tech Easier

Malware Ridden Fake CAPTCHAs Make Me Hate CAPTCHAs Even More

Is that CAPTCHA you just encountered real? Find out how fake CAPTCHAs are installing hidden malware and how to stay safe.
TechRepublic

Hugging Face Repositories Abused in New Android Malware Campaign

Hugging Face is widely used by researchers and developers to host machine learning models, datasets, and tools. But researchers say attackers have found a way to exploit that trust. Cybersecurity ...
Ars Technica

Poland’s energy grid was targeted by never-before-seen wiper malware

Researchers on Friday said that Poland’s electric grid was targeted by wiper malware, likely unleashed by Russia state hackers in an attempt to disrupt electricity delivery operations. A cyberattack, ...
PC World

This fake ad blocker malware impersonated uBlock Origin’s developer

PCWorld reports that a malicious Chrome extension called ‘NexShield Smart Ad Blocker’ impersonated uBlock Origin’s developer Raymond Hill to distribute the dangerous ModeloRAT trojan. The fake ad ...
PC Magazine

From Firefox Malware to Stolen Pornhub Data: This Week's Security News Is Not Sexy

A wave of recent breaches and malware discoveries shows how easily trusted software and private data can be exploited. I've been writing and editing stories for almost two decades that help people use ...
SiliconANGLE

‘PyStoreRAT’ malware uses fake developer tools on GitHub to infect Windows systems

A new report out today from endpoint security firm Morphisec Inc. details a previously undocumented malware family dubbed “PyStoreRAT” that abuses trusted open-source platforms and Windows scripting ...