The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and ...

Ukrainian family denied UK asylum told to block out bombs with headphones

Thousands of Ukrainians were welcomed to the UK in 2022 after Russia invaded. But Home Office figures show there has since ...

Lebanon on edge over potential US strike on Iran

While Lebanon's government opposes getting involved, Hezbollah says it would view an attack on Iran's leader as a "red line." ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

All of the execution paths identified by its research team are designed to trigger during the Next.js devs' normal working ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Wikipedia blacklists Archive.today after alleged DDoS attack

Archive.today blacklisted, 695,000 Wikipedia links likely to be affected The website has been linked to a DDoS attack ...

UK has not agreed to let US strike Iran from British bases, Sky News understands

The UK is not thought to be preparing to support the US in any military offensive against Iran, but has deployed six F-35 warplanes to Cyprus, and sent four Typhoon jets to Qatar, as part of efforts ...

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...