The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
Security Boulevard

APT37 Adds New Capabilities for Air-Gapped Networks

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...
InfoWorld

The best new features of C# 14

File-based apps, extension members, nameof improvements, and user-defined compound assignment operators make life easier for C# programmers. You’ll need .NET 10.
Infosecurity Magazine

Aeternum Botnet Shifts Command Control to Polygon Blockchain

A newly identified botnet loader is shifting command-and-control (C2) operations onto the Polygon blockchain, eliminating the central servers that authorities and security firms have historically ...