Developer-targeting campaign using malicious Next.js repositories
Summary
Microsoft Defender Experts detail a coordinated developer-targeting campaign that delivers a backdoor through malicious Next.js repositories. The campaign uses three execution paths to achieve in-memory code execution and long-running command-and-control (C2), with staged beaconing and data exfiltration. Defenders are urged to harden developer workflows and to enable telemetry and hunting rules.