npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Researchers have discovered malicious packages in npm, Python, and Ruby ecosystems that use Discord as a command-and-control channel to send stolen developer data. The use of Discord webhooks allows attackers to transmit information without needing authentication, posing a significant security risk.