网络安全研究人员发现，网络犯罪分子正在利用Discord webhook作为替代性命令与控制（C2）通道，渗透主流编程语言生态系统。与传统C2服务器不同，webhook提供免费且隐蔽的数据外传渠道，能够完美隐藏在合法的HTTPS流量中。 过去一个月内，npm、PyPI和RubyGems平台上 ...

Security researchers at Sonatype have discovered today an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user's browsers and Discord application ...

Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used to distribute malware, exfiltrate data, and targeted by threat actors to steal ...

The 'LofyGang' threat actors have created a credential-stealing enterprise by distributing 200 malicious packages and fake hacking tools on code hosting platforms, such as NPM and GitHub. Researchers ...

Thanks in large part to the global pandemic, collaboration platforms like Discord and Slack have taken up intimate positions in our lives, helping maintain personal ties despite physical isolation.

The npm security team has removed a malicious JavaScript library from the npm portal that was designed to steal sensitive files from an infected users' browser and Discord application. The malicious ...

Discord is a great voice, text, and video platform that allows friends, family, and communities of all types to connect in a common space. However, it’s been known that Discord has been used for some ...

Gaming enthusiasts have been warned not to reply to unsolicited Discord messages, after researchers revealed a new infostealer campaign. Malwarebytes said in a blog post that victims are typically ...

In recent reports, hackers have now updated the AnarchyGrabber trojan to allow it to steal passwords and user tokens on the chat platform Discord, spreading all kinds of malware to a victim's friends ...