#repository-compromise

#repository-compromise

A coordinated campaign uses fake Next.js repositories and job assessment lures to trick developers into executing malicious code that establishes persistent command-and-control access.