网络安全研究人员发现，网络犯罪分子正在利用Discord webhook作为替代性命令与控制（C2）通道，渗透主流编程语言生态系统。与传统C2服务器不同，webhook提供免费且隐蔽的数据外传渠道，能够完美隐藏在合法的HTTPS流量中。 过去一个月内，npm、PyPI和RubyGems平台上 ...

Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used to distribute malware, exfiltrate data, and targeted by threat actors to steal ...

Creator Rob Laughter shared on Reddit that if you install and use ComfyUI_LLMVISION, your browser passwords, credit card information, and browsing history will be sent to a Discord server via webhook.

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks. On April 23rd, 2022, a Discord user with the handle “Portu” began advertising a ...

TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. Several ...

Security researchers at Sonatype have discovered today an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user's browsers and Discord application ...

Discord is a great voice, text, and video platform that allows friends, family, and communities of all types to connect in a common space. However, it’s been known that Discord has been used for some ...

The npm security team has removed a malicious JavaScript library from the npm portal that was designed to steal sensitive files from an infected users' browser and Discord application. The malicious ...

Gaming enthusiasts have been warned not to reply to unsolicited Discord messages, after researchers revealed a new infostealer campaign. Malwarebytes said in a blog post that victims are typically ...