Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

International coworking firm expands Ohio footprint with downtown Dayton site

The flexible workspace provider will open four Ohio locations this year — including one in downtown Dayton — bringing its ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...

How refill stores are changing the way we reduce waste

Refilling a bottle instead of throwing it away has become a popular way for people to reduce waste — a small, tangible action ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...

「ルール」と「ワークフロー」

GoogleのAI開発ツール「Antigravity」を使ってエージェントファースト開発を実践する本連載。今回はエージェントをうまく動かす仕組みづくりにフォーカスして、「ルール(Rules)」と「ワークフロー(Workflows)」という2つの機能を紹介する。

WinUIpad: AI to the Rescue

With progress slowing to a crawl, I researched Windows App SDK alternatives and then started experimenting with AI pair programming.