Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Search Engine Land

Google: 75% of crawling issues come from two common URL mistakes

Gary Illyes says faceted navigation and action parameters dominate Google’s crawl waste, trapping bots in infinite URLs and straining servers. Google discussed its 2025 year-end report on crawling and ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.