Security researchers at Sonatype have discovered today an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user's browsers and Discord application ...

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...

The npm security team has removed a malicious JavaScript library from the npm portal that was designed to steal sensitive files from an infected users' browser and Discord application. The malicious ...

The CursedGrabber malware has infiltrated the open-source software code repository. Three malicious software packages have been published to npm, a code repository for JavaScript developers to share ...

Security researchers have discovered yet another supply chain attack campaign using malicious npm packages, this time targeting Discord users. Kaspersky said it identified four suspicious packages in ...

A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-sealing backdoor and stealing data from web browsers and Roblox. The ...

Python developers are under attack once again, with attackers looking to steal Discord account details along with data stored in various browsers. Cybersecurity researchers from Snyk have recently ...