security: Developer-targeting campaign using malicious Next.js repositories

Microsoft reports a developer-targeting campaign that used malicious Next.js repositories to achieve covert remote code execution and stage command-and-control via normal build workflows.

• Source: Microsoft Security Blog