A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The ...

The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to ...

Four packages containing highly obfuscated malicious Python and JavaScript code were discovered this week in the Node Package Manager (npm) repository. According to a report from Kaspersky, the ...

Security researchers have discovered yet another supply chain attack campaign using malicious npm packages, this time targeting Discord users. Kaspersky said it identified four suspicious packages in ...

"People downloading open source packages should take extra care in making sure the item they’re downloading is legitimate and not malware masquerading as something legitimate." Click to expand ...

Researchers at Kaspersky have identified malicious campaign dubbed LofyLife, which gathers various information from victims, including Discord tokens and credit card information, and to spy on them ...

Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spread malware continues to flourish. This time, the malicious code was found in ...

Cybercriminals have found a new way to steal your Discord account using the npm open-source repository alongside a couple of malware variants. As reported by Kaspersky, which first spotted the ...

Discord users, we have some not-so-great news for you. Reports have it that cybercriminals have found a new way to steal your Discord account. And they are doing this by using npm (node package ...