The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...
ZDNet

Npm package caught stealing sensitive Discord and browser files

Security researchers at Sonatype have discovered today an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user's browsers and Discord application ...