tokens

Blog
digitpatrox3 days ago
9

Malicious PyPi package steals Discord auth tokens from devs

A malicious package named ‘pycord-self’ on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The package mimics the highly popular ‘discord.py-self,’ which has nearly 28 million downloads, and even offers the functionality of the legitimate project. The official package is a Python library that allows communication with Discord’s…
Read More »
Blog
digitpatroxDecember 20, 2024
41

Malicious Rspack, Vant packages published using stolen NPM tokens

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. The supply chain attack, spotted by both Sonatype and Socket researchers, deployed the XMRig cryptocurrency miner on compromised systems for mining the hard-to-trace Monero privacy cryptocurrency. Additionally, Sonatype discovered that all three npm packages fell…
Read More »
Blog
digitpatroxOctober 20, 2024
83

Internet Archive breached again through stolen access tokens

The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. Since last night, BleepingComputer has received numerous messages from people who received replies to their old Internet Archive removal requests, warning that the organization has been breached as they did not correctly rotate their stolen…
Read More »
Blog
digitpatroxAugust 15, 2024
145

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. Attackers stealing these tokens could gain unauthorized access to private repositories, steal source code, or inject malicious code into projects. The discovery by Palo Alto Networks’ Unit 42 prompted action by owners of…
Read More »

tokens

Malicious PyPi package steals Discord auth tokens from devs

Malicious Rspack, Vant packages published using stolen NPM tokens

Internet Archive breached again through stolen access tokens

GitHub Actions artifacts found leaking auth tokens in popular projects

Should You Lower Tire Pressure to Gain Traction in Snow?

Why You Should Keep All Your Linux Dotfiles on GitHub

AI-generated code risks: What CISOs need to know

Platform engineering has a whole host of problems — developers are struggling with disparate device and OS environments and still writing embedded code with custom solutions

The Pixel Watch 3 Can Detect When Your Heart Stops

Exploding pagers kill at least eight and injure thousands in an attack on Hezbollah

All National Level Hunters in Solo Leveling, Ranked

HP OmniBook Ultra Flip 14 review

The Best TV Series to Stream This Week

TikTok Is Pushing Old and False News as ”Breaking” Alerts

These Are the Budget Earbuds to Care About

How to enable Do Not Track on your web browser for Windows