DevOps security firm JFrog discovered 17 new malicious packages in the npm (Node.js package manager) repository that intentionally seek to attack and steal a user's Discord tokens.

If you’ve read or seen the term PFP NFTs, you might have thought someone’s cat walked across the keyboard. But no, that alphabet soup has a meaning: We are talking about profile picture (PFP ...

Pablo May 31, 2023. If you have 2FA enabled, and you perform actions requiring admin privileges (such as removing other admins) using only a sessions token, the IdP should ask the user for a 2FA ...

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.

Among these, three Python scripts – Discord_token_grabber.py, get_cookies.py and password_grabber.py – were particularly harmful. Malicious Scripts Steal Discord and Browser Tokens.

Garwood Pang, senior security researcher at Tigera, explained that stolen Discord tokens could be leveraged in follow-on spear-phishing attacks on victims' friends. “Npm provides one of the most ...

Click 'Add Discord Account' from 'Add Account'. Then another window will open and you will be prompted to enter a token. When you click 'Get My Discord Token' ...

The campaign, dubbed LofyLife, is aimed at stealing Discord tokens as well as victims’ IP addresses from infected machines, they said in a blog post on Secure List published Thursday.

AXLocker is a new ransomware attack that not only encrypts your files -- it also attempts to steal your Discord account, giving you 48 hours to respond. Skip to main content Menu ...