This article describes a campaign where threat actors are distributing malicious Next.js repositories to target developers, though the specific attack vector and method are not detailed. The provided NVD data references a separate critical vulnerability, CVE-2025-10035 (CVSS 10.0), which affects Fortra GoAnywhere Managed File Transfer versions prior to 7.6.3 and versions from 7.7.0 through 7.7.x prior to 7.8.4, requiring an upgrade to either version 7.6.3 or 7.8.4.
2026-02-24 (Back to Inventory) Developer-targeting campaign using malicious Next.js repositories Author(s): Microsoft Defender Experts Organization: Microsoft Open article directly Open article on Archive.org Related Articles 2026-01-14 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations 2025-10-09 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Investigating targeted “payroll pirate” attacks affecting US universities Storm-2657 2025-10-06 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Medusa Storm-1175