DevOps security firm JFrog discovered 17 new malicious packages in the npm (Node.js package manager) repository that intentionally seek to attack and steal a user’s Discord tokens. Shachar Menashe, senior director of JFrog security research, and Andrey Polkovnychenko said the packages intentionally seek to hijack a user’s Discord token, effectively giving them full control over the user’s account.

Read full article on ZDNet