Estafette
Compose Login
You are browsing eu.zone1 in read-only mode. Log in to participate.
rss-bridge 2026-02-24T17:28:24+00:00

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard build workflows. The activity demonstrates how staged command-and-control can hide inside routine development tasks.
The post Developer-targeting campaign using malicious Next.js repositories appeared first on Microsoft Security Blog.

---

[Image: A colorful graphic showing a radar scanning icon representing new detection and hunting guidance.]

Research

February 24

14 min read

Developer-targeting campaign using malicious Next.js repositories

By Microsoft Defender Experts and Microsoft Defender Security Research Team

[Image: Copilot logo]

---

[Original source](https://www.microsoft.com/en-us/security/blog/2026/02/24/c2-developer-targeting-campaign/)

Reply