The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...
GitHub

Nordnet nExt API Javascript client

Isomorphic JS client for Nordnet nExt API. Client can be used both on the client and server side. Client should be used for making HTTP requests towards nExt API. See nExt API documentation for a list ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

All of the execution paths identified by its research team are designed to trigger during the Next.js devs' normal working ...
Arabian Post

Microsoft flags malicious Next.js developer traps

Security researchers at Microsoft said the campaign targets developers who routinely clone public repositories for evaluation, collaboration or recruitment exercises. The attackers publish projects ...
OfficeChai

Cloudflare Says It Used AI To Rebuild Next.js In 1 Week For $1,100

AI isn’t just helping out with coding — it’s helping complete entire projects at a pace and price-point that would’ve been unthinkable ...
GitHub

LangGraph Next.js API Passthrough

This is no longer the recommended way of handling authentication with LangGraph servers. Now that both Python, and TypeScript graphs support custom authentication and routes, we recommend you ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

PoshBuilder AI Enters Beta With Desktop IDE and Self-Hosted CMS Built to Challenge Cursor and WordPress

All-in-One Platform Combines AI-Powered Coding, Visual Building, and Deployable CMS for Modern Web Development LOS ...