#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Discord | Breaking Cybersecurity News | The Hacker News

Category — Discord
Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP

Jan 20, 2025 Supply Chain Attack / Solana
Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below - @async-mutex/mutex, a typosquat of async-mute (npm) dexscreener, which masquerades as a library for accessing liquidity pool data from decentralized exchanges (DEXs) and interacting with the DEX Screener platform (npm) solana-transaction-toolkit (npm) solana-stable-web-huks (npm) cschokidar-next, a typosquat of chokidar (npm) achokidar-next, a typosquat of chokidar (npm) achalk-next, a typosquat of chalk (npm) csbchalk-next, a typosquat of chalk (npm) cschalk, a typosquat of chalk (npm) pycord-self, a typosquat of discord.py-self (PyPI) Supply chain security company Socket, which discovered the packages, said the first four packages are designed to intercept Solana private keys and transmit them throug...
Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

May 27, 2024 Malware / Threat Intelligence
The Pakistan-nexus  Transparent Tribe  actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist," the BlackBerry Research and Intelligence Team  said  in a technical report published early last week. The spear-phishing campaign is also notable for its abuse of popular online services such as Discord, Google Drive, Slack, and Telegram, once again underscoring how threat actors are  adopting legitimate programs  into their attack flows. According to BlackBerry, the targets of the email-based attacks included three companies that are crucial stakeholders and clients of the Department of Defense Production ( DDP ). All the three companies targeted are headquartered in the Indian city of Bengaluru. While the names of the firms were not disclosed, i...
SOC Analysts - Reimagining Their Role Using AI

SOC Analysts - Reimagining Their Role Using AI

Jan 30, 2025AI Security / SOC Automation
The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents. Studies show that 70% of SOC analysts experience severe stress, and 65% consider leaving their jobs within a year . This makes retention a major challenge for security teams, especially in light of the existing shortage of skilled security analysts . On the operational side, analysts spend more time on repetitive, manual tasks like investigating alerts, and resolving and documenting incidents than they do on proactive security measures. Security teams struggle with configuring and maintaining SOAR playbooks as the cyber landscape rapidly changes. To top this all off, tool overload and siloed ...
New Rugmi Malware Loader Surges with Hundreds of Daily Detections

New Rugmi Malware Loader Surges with Hundreds of Daily Detections

Dec 28, 2023 Malware / Cyber Threat
A new malware loader is being used by threat actors to deliver a wide range of  information stealers  such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and  Rescoms . Cybersecurity firm ESET is tracking the trojan under the name  Win/TrojanDownloader.Rugmi . "This malware is a loader with three types of components: a downloader that downloads an encrypted payload, a loader that runs the payload from internal resources, and another loader that runs the payload from an external file on the disk," the company  said  in its Threat Report H2 2023. Telemetry data gathered by the company shows that detections for the Rugmi loader spiked in October and November 2023, surging from single digit daily numbers to hundreds per day. Stealer malware is typically sold under a malware-as-a-service (MaaS) model to other threat actors on a subscription basis. Lumma Stealer, for instance, is advertised in underground forums for $250 a mo...
cyber security

Practical, Tactical Guide to Securing AI in the Enterprise

websiteTinesEnterprise Security / AI Security
Supercharge your organization's AI adoption strategy, and go from complex challenges to secure success.
Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

Nov 23, 2023 Malware / Threat Analysis
Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as  WailingCrab . "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often necessary to retrieve the next stage," IBM X-Force researchers Charlotte Hammond, Ole Villadsen, and Kat Metrick  said . WailingCrab, also called WikiLoader, was  first documented  by Proofpoint in August 2023, detailing campaigns targeting Italian organizations that used the malware to ultimately deploy the Ursnif (aka Gozi) trojan. It was spotted in the wild in late December 2022. The malware is the handiwork of a threat actor known as TA544, which is also tracked as Bamboo Spider and Zeus Panda. IBM X-Force has named the cluster Hive0133. Actively maintained by its operators, the malware has been observed incorporating features that prioritize stealth and allows it to ...
QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

Aug 14, 2023 Cyber Threat / Malware
A new remote access trojan (RAT) called  QwixxRAT  is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providing them with unauthorized access to the victim's sensitive information," Uptycs  said  in a new report published today. The cybersecurity company, which discovered the malware earlier this month, said it's "meticulously designed" to harvest web browser histories, bookmarks, cookies, credit card information, keystrokes, screenshots, files matching certain extensions, and data from apps like Steam and Telegram. The tool is offered for 150 rubles for weekly access and 500 rubles for a lifetime license. It also comes in a limited free version. A C#-based binary, QwixxRAT comes with various anti-analysis features to remain covert and evade detection. Thi...
Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware

Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware

Nov 29, 2022
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called  Invisible Challenge , involves applying a filter known as  Invisible Body  that just leaves behind a silhouette of the person's body. But the fact that individuals filming such videos could be undressed has led to a nefarious scheme wherein the attackers post TikTok videos with links to rogue software dubbed "unfilter" that purport to remove the applied filters. "Instructions to get the 'unfilter' software deploy  WASP stealer malware  hiding inside malicious Python packages," Checkmarx researcher Guy Nachshon  said  in a Monday analysis. The WASP stealer (aka W4SP Stealer) is a malware that's designed to steal users' passwords, Discord accounts, cryptocurrency wallets, and other sensitive information. The TikTok videos posted by the attackers, @learncyber an...
25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository

25 Malicious JavaScript Libraries Distributed via Official NPM Package Repository

Feb 23, 2022
Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after  17 similar packages  were taken down. The libraries in question leveraged typosquatting techniques and masqueraded as other legitimate packages such as colors.js, crypto-js, discord.js, marked, and  noblox.js , DevOps security firm JFrog said, attributing the packages as the work of "novice malware authors." The complete list of packages is below – node-colors-sync (Discord token stealer) color-self (Discord token stealer) color-self-2 (Discord token stealer) wafer-text (Environment variable stealer) wafer-countdown (Environment variable stealer) wafer-template (Environment variable stealer) wafer-darla (Environment variable stealer) lemaaa (Discord token stealer) adv-discord-utility (Discord token stealer) tools-for-discord (Disco...
Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers

Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers

Dec 09, 2021
At least 17 malware-laced packages have been discovered on the NPM package Registry, adding to a  recent barrage of malicious software  hosted and delivered through open-source software repositories such as PyPi and RubyGems. DevOps firm JFrog said the libraries, now taken down, were designed to grab Discord access tokens and  environment variables  from users' computers as well as gain full control over a victim's system. "The packages' payloads are varied, ranging from infostealers up to full remote access backdoors," researchers Andrey Polkovnychenko and Shachar Menashe said in a  report  published Wednesday. "Additionally, the packages have different infection tactics, including typosquatting,  dependency confusion  and trojan functionality." The list of packages is below - prerequests-xcode (version 1.0.4) discord-selfbot-v14 (version 12.0.3) discord-lofy (version 11.5.1) discordsystem (version 11.5.1) discord-vilao (version 1.0.0)...
Expert Insights / Articles Videos
Cybersecurity Resources