All updates
security: Developer-targeting campaign using malicious Next.js repositories
Feb 24, 2026
Microsoft reports a developer-targeting campaign that used malicious Next.js repositories to achieve remote code execution and establish command-and-control via normal build workflows, aiming to blend into routine development activity.
- Source: Microsoft Security Blog