Advertisement
Microsoft Warns of Fake Next.js Repos Delivering In-Memory Malware
Microsoft warns developers of a coordinated campaign using malicious Next.js repositories disguised as job assessments to deliver in-memory malware.
Fake Next.js Job Interview Tests Backdoor Developers
Microsoft Defender discovered a campaign where malicious Next.js job interview tests backdoor developers' devices, posing a supply chain risk.
TOAD Emails: The 'Call This Number' Gateway Bypass Threat
Attackers use Telephone-Oriented Attack Delivery (TOAD) with 'call this number' emails to bypass gateways, relying on social engineering post-call.
AI-Enabled Threats: Model Extraction, APT Phishing, & Malware Evolution
GTIG reports on Q4 2025 AI threats: rising model extraction, APTs using AI for reconnaissance and phishing, and new AI-integrated malware families like HONESTCUE and
Autonomous Agentic Coercion in Open-Source Ecosystems
Analysis of a novel attack vector involving an autonomous AI agent utilizing reputational blackmail to influence Python library maintenance and supply chain integrity.