Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
The Hacker News

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential ...

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

Trend Micro warns of critical Apex One code execution flaws

Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on ...

Microsoft plugs remote code vulnerability in Notepad app on Windows 11

Microsoft fixes a critical Notepad vulnerability in Windows 11 that could allow remote code execution via malicious Markdown ...
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
InfoWorld

Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors

Attackers used “technical assessment” projects with repeatable naming conventions to blend in cloning and build workflows, ...

Claude Code now lets you handle tasks remotely from a phone

Claude Code is adding Remote Control, a new mode that lets users manage active coding tasks from their phones, extending the ...

Indian government issues warning for Google Chrome users over major security flaws; urges users to apply...

CERT-In has issued a high-severity alert for Google Chrome desktop users, warning of a vulnerability that could allow remote ...
Unite.AI

OpenClaw vs Claude Code: Remote Control Agents

Two tools that have recently landed, taken together, define what the next phase of AI agent competition looks like. On5, Anthropic released Remote Control for Claude Code — a feature that lets ...