IT之家 1 月 18 日消息，科技媒体 bleepingcomputer 昨日（1 月 17 日）发布博文，报道称名为“pycord-self”的恶意包出现在 Python 包索引（PyPI）上，目标是窃取 Discord 开发者的身份验证令牌，并在系统中植入后门以实现远程控制。 “pycord-self”恶意包伪装成流行的 Discord ...

Four packages containing highly obfuscated malicious Python and JavaScript code were discovered this week in the Node Package Manager (npm) repository. According to a report from Kaspersky, the ...

区块链的世界遵循黑暗森林法则，在这个世界我们随时可能遭受到来自不明的外部攻击，作为普通用户不进行作恶，但是了解黑客的作恶的方式是十分必要的。 慢雾安全团队此前发布了慢雾：在区块链世界你都会遇到哪些风险？该如何应对？其中提到了不少关于 ...

The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to ...

Researchers at Kaspersky have identified malicious campaign dubbed LofyLife, which gathers various information from victims, including Discord tokens and credit card information, and to spy on them ...

Multiple npm packages are being used in an ongoing malicious campaign to infect Discord users with malware that steals their payment card information. The malware used in these attacks is a variant of ...

Security researchers have discovered yet another supply chain attack campaign using malicious npm packages, this time targeting Discord users. Kaspersky said it identified four suspicious packages in ...

There are two fundamental facts about open source. One, it's everywhere. Virtually every application includes open source components. Two, it can have serious vulnerabilities that cyberattacks can ...