Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
Cybernews

AI-driven hacking uses booking.com and Microsoft Teams in vibe coding and “flat pack ...

AI is helping cybercriminals to rapidly assemble malware with flat-pack efficiency. It’s almost like buying a sofa from Ikea, ...
SecurityWeek

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

The Coruna exploit kit has 23 exploits targeting iOS devices, previously used in Russian attacks and now in cybercrime ...

Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks

A previously undocumented set of 23 iOS exploits named "Coruna" has been deployed by multiple threat actors in targeted ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
ギズモード・ジャパン

見たい映画が一発で見つかる! Netflix裏コード集

2024年9月8日の記事を編集して再掲載しています。「ネトフリ見飽きた」「似たような作品ばかり」「もう見るTVも映画もない」…と思ったとき試したいのが、Netflix裏コード。URLのnetflix.com/browse/genre/のあとにこやつを入力するだけで見たいカテゴリの作品一覧がバーンと出てくるジャンル別シークレットコードのことなんですが、アレって随時増強 ...