Discord tokens have become the perfect medium for cybercriminals to gain unauthorized access to accounts allowing the operators to distribute malicious links through compromised Discord channels. According to a new report from…
Tag: NPM
Malicious PyPI Code Packages Rack Up Thousands of Downloads
The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more. Three malicious packages hosted in the Python Package Index (PyPI) code repository have…
Malware distribution in public repositories highlighted by malicious npm packages stealing Discord tokens
ZDNet Recommends Best security key 2021 While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level. Read…
Malicious npm Code Packages Built for Hijacking Discord Servers
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm)…
COA and RC npm Packages Hijacked
In a different supply chain attack on open-source software repositories, two widely deployed npm packages with nearly 22 million downloads per week were discovered to be infected with malicious code…
CISA warns of trojanized versions of JavaScript library’s NPM package
The warning comes days after three rogue packages, okhsa, klow, and klown discovered by DevSecOps firm Sonatype, were removed from the NPM repository. On Friday, the US Cybersecurity and Infrastructure…