网络安全研究人员发现，网络犯罪分子正在利用Discord webhook作为替代性命令与控制（C2）通道，渗透主流编程语言生态系统。与传统C2服务器不同，webhook提供免费且隐蔽的数据外传渠道，能够完美隐藏在合法的HTTPS流量中。 过去一个月内，npm、PyPI和RubyGems平台上 ...

Discord is an IRC-like chat platform that all the young cool kids are hanging out on. Originally intended as a way to communicate during online games, Discord has grown to the point that there are ...

Security researchers at Sonatype have discovered today an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user's browsers and Discord application ...

A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-sealing backdoor and stealing data from web browsers and Roblox. The ...

A heavily obfuscated and malicious NPM project is used to steal Discord user tokens and browser information from unsuspecting users. NPM is a JavaScript package manager that allows developers to ...

Thanks in large part to the global pandemic, collaboration platforms like Discord and Slack have taken up intimate positions in our lives, helping maintain personal ties despite physical isolation.

The npm security team has removed a malicious JavaScript library from the npm portal that was designed to steal sensitive files from an infected users' browser and Discord application. The malicious ...