Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

Published: 3 days ago (February 26, 2026 at 05:35 AM EST)

1 min read

Source: The Hacker News

Campaign Overview

A “coordinated developer‑targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines.

Threat Landscape

The activity aligns with a broader cluster of threats that use job‑themed lures to blend into routine developer workflows and increase the likelihood of code.

Back to Blog

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw Fixes High‑Severity Security Issue ClawJacked !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMEZ7gMViZ9XlXs35FiyviBZR19FbDXmatfjhNRw59da...

Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

'Ravie Lakshmanan Feb 28 2026 – National Security / Artificial Intelligence

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

Overview Cybersecurity researchers have disclosed a malicious Go module that harvests passwords, creates persistent SSH access, and deploys a Linux backdoor kn...

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command‑and‑cont...