CSOonline

Software supply chain attack impacts repo of large Discord bot community

A platform called Top.gg that’s used to publish bots for the popular Discord chat app recently had one of its GitHub repositories poisoned with malicious code as part of a larger software supply chain ...
Threat Post

Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...