Fake 'interview' repos lure Next.js devs into running secret-stealing malware

All of the execution paths identified by its research team are designed to trigger during the Next.js devs' normal working ...

Cloudflare experiment ports most of Next.js API 'in one week' with AI

A Cloudflare engineer says he has implemented 94 percent of the Next.js API by directing Anthropic's Claude, spending about $1,100 on tokens. The purpose of the experimental project was not to show ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...