Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Infosecurity Magazine

Flaws in Popular Software Development App Extensions Allow Data Exfiltration

Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain ...
WinBuzzer

Leaked Code Reveals OpenAI’s Secret Government Surveillance Network

Researchers have exposed OpenAI's covert Persona watchlist, active since 2023, screening users for government agencies via 53 ...