Skip to main content

Tag: discord

11 articles

Laptop screen showing communication platform on a neutral surface with blurred chat interface and cityscape background.

Webworm Expands Arsenal with EchoCreep, GraphWorm Backdoors

Meet Webworm's latest tricks: EchoCreep and GraphWorm, two custom backdoors that let the China-aligned actor control and manipulate systems using unconventional channels like Discord and Microsoft Graph API. These new tools enable file uploads, downloads, and command execution, showcasing Webworm's creative approach to cyber threats.

Analyst 207
Young adults gathered around a computer in a casual setting, engaged in conversation.

Discord Deploys End-to-End Encryption on Voice, Video Calls

Big news for Discord users: the platform has just rolled out end-to-end encryption for all voice and video calls by default, giving you an extra layer of security and peace of mind when chatting with friends or colleagues. This major update is powered by the innovative DAVE protocol, designed to keep your conversations private and secure.

Analyst 207
Modern office setting with subtle digital communication hints.

China-Linked APT Group Exploits Legitimate Services for Covert Ops

ESET researchers have uncovered a treasure trove of clues, analyzing 6,044 Slack messages and 3,005 Discord messages that reveal the covert operations of a China-linked APT group, dubbed GopherWhisper, which has been active since at least 2023. The recovered logs provide a rare glimpse into the group's tactics, thanks to hardcoded credentials in Go-based backdoors that gave investigators access to the group's command and control channels.

Analyst 207
Government office interior with computers and a large window, featuring a subtle network diagram in the background.

China-Linked GopherWhisper Targets Mongolian Government Systems with Go Backdoors

A China-linked cyber group, dubbed GopherWhisper, has been targeting Mongolian government systems with a suite of Go-based backdoors, infecting at least 12 systems and potentially dozens more. The attackers used clever tactics, routing command-and-control traffic through compromised Discord and Slack servers.

Analyst 207
Multiple laptop screens and peripherals on a minimalist desk, with code and Discord interface visible.

Discord Group Exploits Claude's Secret AI Model

A fresh controversy is brewing over Anthropic's highly touted AI model, Mythos, after a Discord group exploited a secret pathway to access the powerful technology. The AI Security Institute had praised Mythos as a significant leap forward, but its limited release to select partners like Nvidia and Apple has raised new questions about access control.

Analyst 207
ShinyHunters Exclusive: Damaging Corporate Extortion Wave

ShinyHunters Exclusive: Damaging Corporate Extortion Wave

The ShinyHunters campaign has escalated from quiet database dumps to brazen public extortion—naming victims, posting timetables, and using voice‑phishing plus massive file thefts that could turn single breaches into a supply‑chain crisis. Corporations now face a stark choice: pay ransoms or risk a public dump of sensitive customer and corporate data.

Analyst 207
ShinyHunters extortion: Stunning Risky Corporate Threat

ShinyHunters extortion: Stunning Risky Corporate Threat

Imagine waking up to find your company’s secrets posted online unless you pay up — that’s the stark reality dozens of firms now face after ShinyHunters launched a brazen public extortion site. This escalation — tied to prior Salesforce, Discord, and Red Hat breaches — raises the stakes for stronger security, faster incident response, and clearer vendor transparency.

Analyst 207
ShinyHunters Exclusive: Dangerous Corporate Extortion

ShinyHunters Exclusive: Dangerous Corporate Extortion

ShinyHunters has escalated from voice‑phishing to a public extortion site threatening to dump data from dozens of Fortune 500 companies. That shift puts customers and companies at risk and makes strengthening human‑centric defenses and zero‑trust controls urgently necessary.

Analyst 207
Discord webhooks: Powerful but Risky Supply-Chain Threat

Discord webhooks: Powerful but Risky Supply-Chain Threat

Imagine a trusted package quietly sending your API keys to a Discord channel — researchers found npm, PyPI, and RubyGems libraries doing exactly that by abusing Discord webhooks as a simple command-and-control. Protect your projects now: audit and pin dependencies, lock down secrets, and add egress controls before convenience becomes the next supply-chain disaster.

Analyst 207
Discord vendor leak: Stunning Risky Data Exposure

Discord vendor leak: Stunning Risky Data Exposure

Discord says its servers weren’t hacked — but customer IDs and payment details were stolen from a compromised support vendor, showing how outsourcing can turn into a privacy disaster. If you use Discord, now’s the time to check your payment methods, monitor statements, and enable extra protections like MFA.

Analyst 207
Web3 cyber threats: Critical Must-Have Defense Guide

Web3 cyber threats: Critical Must-Have Defense Guide

EncryptHub is targeting Web3 developers with convincing fake AI platforms, so learn to spot spoofed sites, verify domains and social profiles, and never share private keys. Use hardware wallets, multisig, and secure development practices to keep your projects and funds safe.

Analyst 207