Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials. Telemetry collected during this investigation indicates the activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code execution.

During initial incident analysis, Defender telemetry surfaced a limited set of malicious repositories directly involved in observed compromises. Further investigation expanded the scope by reviewing repository contents, naming conventions, and shared coding patterns. These artifacts were cross-referenced against publicly available code-hosting platforms. This process uncovered additional related repositories that were not directly referenced in observed logs but exhibited the same execution mechanisms, loader logic, and staging infrastructure.

Across these repositories, the campaign uses multiple entry points that converge on the same outcome: runtime retrieval and local execution of attacker-controlled JavaScript that transitions into staged command-and-control. An initial lightweight registration stage establishes host identity and can deliver bootstrap code before pivoting to a separate controller that provides persistent tasking and in-memory execution. This design supports operator-driven discovery, follow-on payload delivery, and staged data exfiltration.

Initial discovery and scope expansion

The investigation began with analysis of suspicious outbound connections to attacker-controlled command-and-control (C2) infrastructure. Defender telemetry showed Node.js processes repeatedly communicating with related C2 IP addresses, prompting deeper review of the associated execution chains.

By correlating network activity with process telemetry, analysts traced the Node.js execution back to malicious repositories that served as the initial delivery mechanism. This analysis identified a Bitbucket-hosted repository presented as a recruiting-themed technical assessment, along with a related repository using the Cryptan-Platform-MVP1 naming convention.

From these findings, analysts expanded the scope by pivoting on shared code structure, loader logic, and repository naming patterns. Multiple repositories followed repeatable naming conventions and project “family” patterns, enabling targeted searches for additional related repositories that were not directly referenced in observed telemetry but exhibited the same execution and staging behavior.

Figure 1. Repository naming patterns and shared structure used to pivot from initial telemetry to additional related repositories 

Multiple execution paths leading to a shared backdoor 

Analysis of the identified repositories revealed three recurring execution paths designed to trigger during normal developer activity. While each path is activated by a different action, all ultimately converge on the same behavior: runtime retrieval and in‑memory execution of attacker‑controlled JavaScript. 

Path 1: Visual Studio Code workspace execution

Several repositories abuse Visual Studio Code workspace automation to trigger execution as soon as a developer opens (and trusts) the project. When present, .vscode/tasks.json is configured with runOn: “folderOpen”, causing a task to run immediately on folder open. In parallel, some variants include a dictionary-based fallback that contains obfuscated JavaScript processed during workspace initialization, providing redundancy if task execution is restricted. In both cases, the execution chain follows a fetch-and-execute pattern that retrieves a JavaScript loader from Vercel and executes it directly using Node.js.

``` 
node /Users/XXXXXX/.vscode/env-setup.js →  https://price-oracle-v2.vercel.app 
``` 

Figure 2. Telemetry showing a VS Code–adjacent Node script (.vscode/env-setup.js) initiating outbound access to a Vercel staging endpoint (price-oracle-v2.vercel[.]app). 

After execution, the script begins beaconing to attacker-controlled infrastructure. 

Path 2: Build‑time execution during application development 

The second execution path is triggered when the developer manually runs the application, such as with npm run dev or by starting the server directly. In these variants, malicious logic is embedded in application assets that appear legitimate but are trojanized to act as loaders. Common examples include modified JavaScript libraries, such as jquery.min.js, which contain obfuscated code rather than standard library functionality. 

When the development server starts, the trojanized asset decodes a base64‑encoded URL and retrieves a JavaScript loader hosted on Vercel. The retrieved payload is then executed in memory by Node.js, resulting in the same backdoor behavior observed in other execution paths. This mechanism provides redundancy, ensuring execution even when editor‑based automation is not triggered. 

Telemetry shows development server execution immediately followed by outbound connections to Vercel staging infrastructure: 

``` 
node server/server.js  →  https://price-oracle-v2.vercel.app 
``` 

Figure 3. Telemetry showing node server/server.js reaching out to a Vercel-hosted staging endpoint (price-oracle-v2.vercel[.]app). 

The Vercel request consistently precedes persistent callbacks to attacker‑controlled C2 servers over HTTP on port 300.  

Path 3: Server startup execution via env exfiltration and dynamic RCE 

The third execution path activates when the developer starts the application backend. In these variants, malicious loader logic is embedded in backend modules or routes that execute during server initialization or module import (often at require-time). Repositories commonly include a .env value containing a base64‑encoded endpoint (for example, AUTH_API=<base64>), and a corresponding backend route file (such as server/routes/api/auth.js) that implements the loader. 

On startup, the loader decodes the endpoint, transmits the process environment (process.env) to the attacker-controlled server, and then executes JavaScript returned in the response using dynamic compilation (for example, new Function(“require”, response.data)(require)). This results in in‑memory remote code execution within the Node.js server process. 

``` 
Server start / module import 
→ decode AUTH_API (base64) 
→ POST process.env to attacker endpoint 
→ receive JavaScript source 
→ execute via new Function(...)(require) 
``` 

Figure 4. Backend server startup path where a module import decodes a base64 endpoint, exfiltrates environment variables, and executes server‑supplied JavaScript via dynamic compilation. 

This mechanism can expose sensitive configuration (cloud keys, database credentials, API tokens) and enables follow-on tasking even in environments where editor-based automation or dev-server asset execution is not triggered. 

Stage 1 C2 beacon and registration 

Regardless of the initial execution path, whether opening the project in Visual Studio Code, running the development server, or starting the application backend, all three mechanisms lead to the same Stage 1 payload. Stage 1 functions as a lightweight registrar and bootstrap channel.

After being retrieved from staging infrastructure, the script profiles the host and repeatedly polls a registration endpoint at a fixed cadence. The server response can supply a durable identifier, instanceId, that is reused across subsequent polls to correlate activity. Under specific responses, the client also executes server-provided JavaScript in memory using dynamic compilation, new Function(), enabling on-demand bootstrap without writing additional payloads to disk. 

Stage 2 C2 controller and tasking loader 

Stage 2 upgrades the initial foothold into a persistent, operator-controlled tasking client. Unlike Stage 1, Stage 2 communicates with a separate C2 IP and API set that is provided by the Stage 1 bootstrap. The payload commonly runs as an inline script executed via node -e, then remains active as a long-lived control loop. 

Stage 2 polls a tasking endpoint and receives a messages[] array of JavaScript tasks. The controller maintains session state across rounds, can rotate identifiers during tasking, and can honor a kill switch when instructed. 

After receiving tasks, the controller executes them in memory using a separate Node interpreter, which helps reduce additional on-disk artifacts. 

The controller maintains stability and session continuity, posts error telemetry to a reporting endpoint, and includes retry logic for resilience. It also tracks spawned processes and can stop managed activity and exit cleanly when instructed. 

Beyond on-demand code execution, Stage 2 supports operator-driven discovery and exfiltration. Observed operations include directory browsing through paired enumeration endpoints: 

 Staged upload workflow (upload, uploadsecond, uploadend) used to transfer collected files: 

Summary

This developer‑targeting campaign shows how a recruiting‑themed “interview project” can quickly become a reliable path to remote code execution by blending into routine developer workflows such as opening a repository, running a development server, or starting a backend. The objective is to gain execution on developer systems that often contain high‑value assets such as source code, environment secrets, and access to build or cloud resources.

When untrusted assessment projects are run on corporate devices, the resulting compromise can expand beyond a single endpoint. The key takeaway is that defenders should treat developer workflows as a primary attack surface and prioritize visibility into unusual Node execution, unexpected outbound connections, and follow‑on discovery or upload behavior originating from development machines 

Cyber kill chain model 

Mitigation and protection guidance  

What to do now if you’re affected  

• If a developer endpoint is suspected of running this repository chain, the immediate priority is containment and scoping. Use endpoint telemetry to identify the initiating process tree, confirm repeated short-interval polling to suspicious endpoints, and pivot across the fleet to locate similar activity using Advanced Hunting tables such as DeviceNetworkEvents or DeviceProcessEvents.

• Because post-execution behavior includes credential and session theft patterns, response should include identity risk triage and session remediation in addition to endpoint containment. Microsoft Entra ID Protection provides a structured approach to investigate risky sign-ins and risky users and to take remediation actions when compromise is suspected. 

• If there is concern that stolen sessions or tokens could be used to access SaaS applications, apply controls that reduce data movement while the investigation proceeds. Microsoft Defender for Cloud Apps Conditional Access app control can monitor and control browser sessions in real time, and session policies can restrict high-risk actions to reduce exfiltration opportunities during containment. 

Defending against the threat or attack being discussed  

• Harden developer workflow trust boundaries. Visual Studio Code Workspace Trust and Restricted Mode are designed to prevent automatic code execution in untrusted folders by disabling or limiting tasks, debugging, workspace settings, and extensions until the workspace is explicitly trusted. Organizations should use these controls as the default posture for repositories acquired from unknown sources and establish policy to review workspace automation files before trust is granted.  

• Reduce build time and script execution attack surface on Windows endpoints. Attack surface reduction rules in Microsoft Defender for Endpoint can constrain risky behaviors frequently abused in this campaign class, such as running obfuscated scripts or launching suspicious scripts that download or run additional content. Microsoft provides deployment guidance and a phased approach for planning, testing in audit mode, and enforcing rules at scale.  

• Strengthen prevention on Windows with cloud delivered protection and reputation controls. Microsoft Defender Antivirus cloud protection provides rapid identification of new and emerging threats using cloud-based intelligence and is recommended to remain enabled. Microsoft Defender SmartScreen provides reputation-based protection against malicious sites and unsafe downloads and can help reduce exposure to attacker infrastructure and socially engineered downloads.  

• Protect identity and reduce the impact of token theft. Since developer systems often hold access to cloud resources, enforce strong authentication and conditional access, monitor for risky sign ins, and operationalize investigation playbooks when risk is detected. Microsoft Entra ID Protection provides guidance for investigating risky users and sign ins and integrating results into SIEM workflows.  

• Control SaaS access and data exfiltration paths. Microsoft Defender for Cloud Apps Conditional Access app control supports access and session policies that can monitor sessions and restrict risky actions in real time, which is valuable when an attacker attempts to use stolen tokens or browser sessions to access cloud apps and move data. These controls can complement endpoint controls by reducing exfiltration opportunities at the cloud application layer. [learn.microsoft.com], [learn.microsoft.com] 

• Centralize monitoring and hunting in Microsoft Sentinel. For organizations using Microsoft Sentinel, hunting queries and analytics rules can be built around the observable behaviors described in this blog, including Node.js initiating repeated outbound connections, HTTP based polling to attacker endpoints, and staged upload patterns. Microsoft provides guidance for creating and publishing hunting queries in Sentinel, which can then be operationalized into detections.  

• Operational best practices for long term resilience. Maintain strict credential hygiene by minimizing secrets stored on developer endpoints, prefer short lived tokens, and separate production credentials from development workstations. Apply least privilege to developer accounts and build identities, and segment build infrastructure where feasible. Combine these practices with the controls above to reduce the likelihood that a single malicious repository can become a pathway into source code, secrets, or deployment systems. 

Microsoft Defender XDR detections   

Microsoft Defender XDR customers can refer to the list of applicable detections below. Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, apps to provide integrated protection against attacks like the threat discussed in this blog.  

Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.  

Microsoft Defender XDR threat analytics  

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.  

Hunting queries   

Node.js fetching remote JavaScript from untrusted PaaS domains (C2 stage 1/2) 

DeviceNetworkEvents 
| where InitiatingProcessFileName in~ ("node","node.exe") 
| where RemoteUrl has_any ("vercel.app", "api-web3-auth", "oracle-v1-beta") 
| project Timestamp, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine, RemoteUrl 

Detection of next.config.js dynamic loader behavior (readFile → eval) 

DeviceProcessEvents 
| where FileName in~ ("node","node.exe") 
| where ProcessCommandLine has_any ("next dev","next build") 
| where ProcessCommandLine has_any ("eval", "new Function", "readFile") 
| project Timestamp, DeviceName, ProcessCommandLine, InitiatingProcessCommandLine 

Repeated shortinterval beaconing to attacker C2 (/api/errorMessage, /api/handleErrors) 

DeviceNetworkEvents 
| where InitiatingProcessFileName in~ ("node","node.exe") 
| where RemoteUrl has_any ("/api/errorMessage", "/api/handleErrors") 
| summarize BeaconCount = count(), FirstSeen=min(Timestamp), LastSeen=max(Timestamp) 
          by DeviceName, InitiatingProcessCommandLine, RemoteUrl 
| where BeaconCount > 10 

Detection of detached child Node interpreters (node – from parent Node) 

DeviceProcessEvents 
| where InitiatingProcessFileName in~ ("node","node.exe") 
| where ProcessCommandLine endswith "-" 
| project Timestamp, DeviceName, InitiatingProcessCommandLine, ProcessCommandLine 

Directory enumeration and exfil behavior

DeviceNetworkEvents 
| where RemoteUrl has_any ("/hsocketNext", "/hsocketResult", "/upload", "/uploadsecond", "/uploadend") 
| project Timestamp, DeviceName, RemoteUrl, InitiatingProcessCommandLine 

Suspicious access to sensitive files on developer machines 

DeviceFileEvents 
| where Timestamp > ago(14d) 
| where FileName has_any (".env", ".env.local", "Cookies", "Login Data", "History") 
| where InitiatingProcessFileName in~ ("node","node.exe","Code.exe","chrome.exe") 
| project Timestamp, DeviceName, FileName, FolderPath, InitiatingProcessCommandLine 

Indicators of compromise  

References    

• Threat Actors Expand Abuse of Microsoft Visual Studio Code 

• North Korea-Linked Hackers Target Developers via Malicious VS Code Projects 

• New DPRK Malware Uses Microsoft VSCode Dictionary Files | OpenSource Malware Blog 

This research is provided by Microsoft Defender Security Research with contributions from Colin Milligan.

Learn more   

Review our documentation to learn more about our real-time protection capabilities and see how to enable them within your organization.   

Explore how to build and customize agents with Copilot Studio Agent Builder 

Microsoft 365 Copilot AI security documentation 

How Microsoft discovers and mitigates evolving attacks against AI guardrails 

Learn more about securing Copilot Studio agents with Microsoft Defender  

Learn more about Protect your agents in real-time during runtime (Preview) – Microsoft Defender for Cloud Apps | Microsoft Learn   

The post Developer-targeting campaign using malicious Next.js repositories appeared first on Microsoft Security Blog.

Recently, a customer asked me a question many Microsoft partners are hearing right now:

“We have Copilot — how do we actually use AI to change the way we work?”

That question captures where we are in the AI journey today. Organizations have moved past curiosity. Now they’re looking for trusted partners who can turn AI into real business outcomes.

That’s why events like AgentCon 2026 matter.

A free, community-led event built by practicioners

AgentCon is not a traditional conference. It’s a free, community-driven global event organized by the Global AI Community together with Microsoft partners and ecosystem leaders.

Simply put: it’s for the community, by the community.

Across cities worldwide, developers, consultants, architects, and Microsoft partners come together to share practical experiences building with AI agents, Copilot, and the Microsoft platform.

The focus isn’t theory — it’s implementation:

• What worked
• What didn’t
• What partners can apply immediately with customers

This peer learning model reflects how many of us actually grow in the Microsoft ecosystem: by learning from other partners solving real problems.

Why this matters for Microsoft partners

The opportunity for partners is evolving quickly.

Customers aren’t just asking about AI tools — they’re asking how to redesign processes, automate work, and unlock productivity using AI-powered solutions.

The Microsoft AI Cloud Partner Program emphasizes partner skilling and helping customers realize value from AI investments. Community events like AgentCon accelerate that learning by bringing partners together to exchange proven approaches and practical insights.

When partners upskill faster, customers succeed faster.

Why attend

AgentCon is designed to help partners move from AI awareness to AI delivery.

As an attendee, you can expect:

• Practical sessions and demos from practitioners
• Real-world AI and agent scenarios
• Direct conversations with builders and peers
• New collaboration and co-sell opportunities

You’ll leave with ideas and approaches you can bring directly into customer engagements.

Why speak

AgentCon thrives because partners share openly with one another.

If you’ve implemented Copilot, explored AI agents, or learned lessons from customer deployments, your experience can help others accelerate their journey.

Speaking at AgentCon allows you to:

• Share your expertise with the global partner community
• Build credibility within the Microsoft ecosystem
• Create new partnerships and opportunities
• Contribute to collective partner success

You don’t need a perfect story — just an honest one others can learn from.

Join the global AgentCon community

AgentCon 2026 events takes place around the world including these upcoming events:

• March 9 - New York: https://aka.ms/AgentconNYC2026
• April 11 - Hong Kong: https://aka.ms/AgentconHongKong2026 
• April 16 - Seoul: https://aka.ms/agentconLondon2026
• April 22 - London: https://aka.ms/agentconSeoul2026

Each event is locally organized, community-led, and free to attend.

Help shape the next phase of AI adoption

AI transformation is happening now — and Microsoft partners play a critical role in guiding customers forward.

AgentCon is an opportunity to learn together, share experiences, and strengthen the partner ecosystem driving AI innovation.

👉 Register or apply to speak: https://aka.ms/agentcon2026

We hope you’ll join us — and be part of the community helping customers turn AI potential into real impact.

Welcome to the February 2026 update. This month we are excited to announce expanded availability for Agent Mode in Excel, as well that you can now query modern Excel workbooks (like .xlsx, .xlsb, .xlsm, .ods) stored locally on your device using Microsoft 365 Copilot Chat, on Windows and Mac.

In addition, we've heard your feedback that working across multiple Copilot entry points can feel fragmented; and to address this, the editing capabilities that App Skills provided will be integrated into Copilot Chat and Agent Mode in Excel, which became generally available earlier this year.  Click here to read more >

Excel for Windows and Mac:
- Agent Mode in Excel expanded availability
- Query your local Excel files with Copilot Chat

Excel for Windows and Mac

Agent Mode in Excel expanded availability
Agent Mode in Excel is now also available for Copilot in Excel users in the EU, including Current Channel and Monthly Enterprise Channel. Read more here >

Query your local Excel files with Copilot Chat
Copilot in Excel now works with locally stored modern workbooks. This gives users faster, more consistent assistance across all their files, improving productivity without requiring changes to how workbooks are stored. Previously, insights and analysis from Copilot Chat were limited to Excel workbooks stored in the cloud. With this new feature, analyzing your locally saved Excel workbooks with Copilot Chat makes it possible to stay productive even when you’re offline. This feature is currently rolling out on Windows and Mac. Read more here >

Many of these features are the result of your feedback. THANK YOU! Your continued Feedback in Action (#FIA) helps improve Excel for everyone. Please let us know how you like a particular feature and what we can improve upon—"Give a compliment" or "Make a suggestion"..  You can also submit new ideas or vote for other ideas via Microsoft Feedback.

Subscribe to our Excel Blog and the Insiders Blog to get the latest updates. Stay connected with us and other Excel fans around the world – join our Excel Community and follow us on X, formerly Twitter.

Special thanks to our Excel MVPs David Benaim, Bill Jelen, Alan Murray, and John Michaloudis for their contribution to this month's What's New in Excel article. David publishes weekly YouTube videos and regular LinkedIn posts about the latest innovations in Excel and more. Bill is the founder and host of MrExcel.com and the author of several books about Excel. Alan is an Excel trainer, author and speaker, best known for his blog computergaga.com and YouTube channel with the same name. John is the Founder & Chief Inspirational Officer at MyExcelOnline.com where he passionately teaches thousands of professionals how to use Excel to stand out from the crowd.

We are continuing to streamline the ways people engage with Copilot in Excel, and we've heard your feedback that working across multiple Copilot entry points can feel fragmented. To address this, Copilot in Excel is transitioning toward a more unified experience so users can easily choose between conversational assistance and direct editing capabilities.

As part of this effort, the editing capabilities that App Skills provided will be integrated into Copilot Chat and Agent Mode in Excel, which became generally available earlier this year. This update is part of our broader work to simplify the Copilot entry points and make it clearer how to interact with Copilot depending on the task. We know that when you find a workflow that works, change can feel disruptive. That's why we want to give you a clear picture of what's evolving in how you use Copilot in Excel and how these changes provide an even better experience.

Why this change matters 

We've heard your feedback about wanting a more capable experience when working with Copilot inside the spreadsheet. The enhanced editing experience that Agent Mode introduced was built specifically to address this. It's designed to handle more complex requests, work across multiple steps, and give you greater control over how Copilot edits your workbooks. 

Rather than maintaining separate experiences that can feel fragmented, we're bringing everything together so you have: 

• More power: Copilot with Agent Mode can now handle complex, multi-step reasoning tasks that go beyond what App Skills could do. 

• Better clarity: You'll know exactly where to go depending on what you need—direct editing happens with Agent Mode; quick answers and simple actions work best in Copilot Chat. 

• Continued innovation: By focusing on improvements toward a unified experience, we can deliver new capabilities faster. As part of this, we also plan to better integrate Agent Mode’s editing capabilities into the Copilot Chat experience in the coming months. 

What’s changing? 

• App Skills entry points in Excel are going away. You will no longer find an App Skills button in the ribbon or be able to use App Skills from the context menu. 

• Existing skills are consolidating into Copilot Chat and Agent Mode. When you want Copilot to make changes directly in your workbook, Agent Mode is designed to support many core editing tasks, such as creating or updating tables, applying formatting, or generating charts and PivotTables. Copilot Chat remains available for tasks that don’t require modifying content, such as interpretation or exploration of your data and using agents like Analyst.
  
• If you can open the App Skills chat pane and submit a prompt, you may receive an error message instead of a response. During this transition, some users may still see App Skills entry points for a short time. In some cases, opening the App Skills pane may result in an error message indicating that App Skills is no longer available. If this happens, you can continue your workflow using Agent Mode or Copilot Chat based on the type of assistance you need. 

When is it happening? 

This update is rolling out now. Depending on your Excel version, you may see the App Skills entry point up until the end of February.

App Skill scenarios not yet available

Certain scenarios that previously used App Skills—specifically the Advanced Analysis mode that used Python in Excel and advanced text analysis capabilities—are not yet available within Copilot Chat or Agent Mode. We are continuing to expand support for these capabilities in Copilot Chat and Agent Mode—watch for updates as these become available over time. 

Note: this was originally communicated to commercial customers via the M365 Message Center (MC1184407) on November 10, 2025.

The Top 10 MVP Theater Sessions — Now On Demand 

Every year, Microsoft Ignite brings together some of the brightest minds in our global community and our Microsoft Most Valuable Professionals (MVPs) continue to play a major role. This year, MVPs once again stepped up to deliver high impact Theater sessions packed with real world expertise, practical demos, and a true passion for helping others, and the kind of energy only community leaders can bring.  

As part of our continued commitment to amplify community voices, we invited a group of 10 MVPs to record their 25-minute Theater sessions from Microsoft Ignite. We’re excited to share these publicly, as Theater sessions are usually only delivered in person.  Now the global community can learn from the insights MVPs shared in San Francisco no matter what time zone you’re in. Check out the playlist here.  

Microsoft Ignite featured Theater sessions from 20 MVPs across a variety of subjects. Every MVP speaker contributed tremendous value to Microsoft Ignite, and this selection simply represents a cross section of standout topics we’re thrilled to make more widely accessible.  

Whether you’re exploring Microsoft 365, Copilot adoption, security, governance, developer tools, or emerging AI patterns, there’s something here for every technical professional.

Why These Sessions Matter 

MVP-led Theater sessions consistently score among the highest rated and most attended Theater sessions at Microsoft Ignite, reflecting the community’s appreciation for practical solutions, honest learnings, and direct experience from the field. This video collection brings that same value into an easy, shareable format that supports year-round skilling and community knowledge sharing. 

These videos are perfect to: 

• Share in your user groups and community meetups 

• Use for team training or upskilling 

• Bookmark for reference as you adopt the latest Microsoft technologies 

• Learn directly from experienced practitioners solving real problems in real environments 

Thank you to our MVP Community 

We want to extend our gratitude to every MVP and Regional Director who presented, staffed, attended or otherwise contributed to the success of Microsoft Ignite. The impact of your expertise reaches far beyond a single event; you help thousands of people level up their skills and stay ahead of what’s next. 

We can’t wait to see how you use these videos in your communities around the world. 

Resources 

The full playlist is available on YouTube.