The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

OpenAI secures massive office complex for new Silicon Valley campus

OpenAI is planting a flag in Alphabet's backyard, as it snags a Mountain View office complex for its new Silicon Valley ...
The Caledonian-Record

Neinor records €122mn FY25 Net Income after executing largest M&A in Spanish Residential of ...

Neinor Homes (“Neinor”) closed FY25 with standout operational and financial results. During FY25 and excluding the impact from acquiring a 79.2% stake in ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

All of the execution paths identified by its research team are designed to trigger during the Next.js devs' normal working ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
The Caledonian-Record

Testing Mavens Launches Next-Gen PerfAgents Performance Orchestration Platform

We're relaunching PerfAgents with a renewed focus on performance test orchestration-bringing load testing, real user journeys ...

Wikipedia blacklists Archive.today after alleged DDoS attack

Wikipedia editors have decided to remove all links to Archive.today, a web archiving service that they said has been linked ...
SecurityWeek

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Vulnerabilities in PDF platforms from Foxit and Apryse could have been exploited for account takeover, data exfiltration, and other attacks.

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...