A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-sealing backdoor and stealing data from web browsers and Roblox.

The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting arbitrary code execution ...

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

VS Code flaw lets attackers reuse deleted extension names, enabling ransomware payload delivery and supply chain risks.

Discord webhooks are used to automate messages based on activities in other applications: for example, the official documentation describes making a bot that notifies a channel of new GitHub commits.

Threat actors are leveraging some incredibly useful features of Discord for malicious things, such as malware staging and data exfiltration.

The npm security team has removed a malicious JavaScript library from the npm portal that was designed to steal sensitive files from an infected users' browser and Discord application.

Named discord.dll, the malicious JavaScript library is still available via npm, a web portal, command-line utility, and package manager for JavaScript programmers.

Gaming enthusiasts have been warned not to reply to unsolicited Discord messages, after researchers revealed a new infostealer campaign. Malwarebytes said in a blog post that victims are typically ...