Tag: discord
11 articles

Webworm Expands Arsenal with EchoCreep, GraphWorm Backdoors
Meet Webworm's latest tricks: EchoCreep and GraphWorm, two custom backdoors that let the China-aligned actor control and manipulate systems using unconventional channels like Discord and Microsoft Graph API. These new tools enable file uploads, downloads, and command execution, showcasing Webworm's creative approach to cyber threats.

Discord Deploys End-to-End Encryption on Voice, Video Calls
Big news for Discord users: the platform has just rolled out end-to-end encryption for all voice and video calls by default, giving you an extra layer of security and peace of mind when chatting with friends or colleagues. This major update is powered by the innovative DAVE protocol, designed to keep your conversations private and secure.

China-Linked APT Group Exploits Legitimate Services for Covert Ops
ESET researchers have uncovered a treasure trove of clues, analyzing 6,044 Slack messages and 3,005 Discord messages that reveal the covert operations of a China-linked APT group, dubbed GopherWhisper, which has been active since at least 2023. The recovered logs provide a rare glimpse into the group's tactics, thanks to hardcoded credentials in Go-based backdoors that gave investigators access to the group's command and control channels.

China-Linked GopherWhisper Targets Mongolian Government Systems with Go Backdoors
A China-linked cyber group, dubbed GopherWhisper, has been targeting Mongolian government systems with a suite of Go-based backdoors, infecting at least 12 systems and potentially dozens more. The attackers used clever tactics, routing command-and-control traffic through compromised Discord and Slack servers.

Discord Group Exploits Claude's Secret AI Model
A fresh controversy is brewing over Anthropic's highly touted AI model, Mythos, after a Discord group exploited a secret pathway to access the powerful technology. The AI Security Institute had praised Mythos as a significant leap forward, but its limited release to select partners like Nvidia and Apple has raised new questions about access control.

ShinyHunters Exclusive: Damaging Corporate Extortion Wave
The ShinyHunters campaign has escalated from quiet database dumps to brazen public extortion—naming victims, posting timetables, and using voice‑phishing plus massive file thefts that could turn single breaches into a supply‑chain crisis. Corporations now face a stark choice: pay ransoms or risk a public dump of sensitive customer and corporate data.

ShinyHunters extortion: Stunning Risky Corporate Threat
Imagine waking up to find your company’s secrets posted online unless you pay up — that’s the stark reality dozens of firms now face after ShinyHunters launched a brazen public extortion site. This escalation — tied to prior Salesforce, Discord, and Red Hat breaches — raises the stakes for stronger security, faster incident response, and clearer vendor transparency.

ShinyHunters Exclusive: Dangerous Corporate Extortion
ShinyHunters has escalated from voice‑phishing to a public extortion site threatening to dump data from dozens of Fortune 500 companies. That shift puts customers and companies at risk and makes strengthening human‑centric defenses and zero‑trust controls urgently necessary.

Discord webhooks: Powerful but Risky Supply-Chain Threat
Imagine a trusted package quietly sending your API keys to a Discord channel — researchers found npm, PyPI, and RubyGems libraries doing exactly that by abusing Discord webhooks as a simple command-and-control. Protect your projects now: audit and pin dependencies, lock down secrets, and add egress controls before convenience becomes the next supply-chain disaster.

Discord vendor leak: Stunning Risky Data Exposure
Discord says its servers weren’t hacked — but customer IDs and payment details were stolen from a compromised support vendor, showing how outsourcing can turn into a privacy disaster. If you use Discord, now’s the time to check your payment methods, monitor statements, and enable extra protections like MFA.

Web3 cyber threats: Critical Must-Have Defense Guide
EncryptHub is targeting Web3 developers with convincing fake AI platforms, so learn to spot spoofed sites, verify domains and social profiles, and never share private keys. Use hardware wallets, multisig, and secure development practices to keep your projects and funds safe.