Developer-targeting campaign using malicious Next.js repositories

Author(s): Microsoft Defender Experts
Organization: Microsoft

Open article directly Open article on Archive.org

2026-05-14 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Kazuar: Anatomy of a nation-state botnet
Kazuar

2026-04-07 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

2026-03-12 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft
Storm-2561

Propose Change Developer-targeting campaign using malicious Next.js repositories