Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
InfoWorld

New AI tool targets critical hole in thousands of open source apps

The tool, created by university researchers, is designed to find and automatically create a patch for vulnerabilities in large repositories like GitHub, but it isn’t perfect yet. Dutch and Iranian ...