The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
Joy of Android

GitHub Games and the Open Approach to Game Development

GitHub games are open-source projects for testing gameplay ideas, sharing code, and collaborating publicly outside ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
The Caledonian-Record

Huawei to Announce the Open Source Project of A2A-T Software, Boosting the application of ...

BARCELONA, SPAIN - Media OutReach Newswire - 1 March 2026 - On the eve of the 2026 Mobile World Congress (MWC 2026), Huawei ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...
Twinfinite

Project Sonic TD Codes (February 2026)

Why run through loops when you can set up a defensive line of the world’s fastest heroes with the help of Project: Sonic TD codes? From Sonic and Tails to heavy hitters like Knuckles, it’s time to ...

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
The Register on MSNOpinion

LibreOffice Online dragged out of the attic, dusted off for another go

Browser-based version back on the menu, reopening questions about TDF's relationship with Collabora The Document Foundation ...
InfoWorld

Open source maintainers are being targeted by AI agent as part of ‘reputation farming’

“Once contribution and reputation building can be automated, the attack surface moves from the code to the governance process around it. Projects that rely on informal trust and maintainer intuition ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
Cybernews

Hackers can exploit thousands of exposed Google API keys to access Gemini and steal data

Exposed Google API keys previously not considered secrets can now inadvertently grant attackers access to sensitive Gemini ...