Discord webhook
-
Webworm adds Discord and Microsoft Graph backdoors in new 2025 campaign
Webworm used new backdoors in 2025 that relied on Discord and Microsoft Graph API for command and control, according to an ESET technical analysis. The group also expanded its proxy tools and targeted government and enterprise networks in Asia and Europe.
-
China-linked GopherWhisper infiltrates Mongolian government systems, ESET says
ESET says a China-aligned group called GopherWhisper targeted Mongolian government institutions, infecting about 12 systems and using Discord, Slack, Outlook and file.io for control and exfiltration.
-
New Python stealer called VVS Stealer harvests Discord tokens and browser data
VVS Stealer is a Python-based information stealer that harvests Discord tokens and browser data. A Unit 42 technical analysis found it is Pyarmor-obfuscated and has been offered for sale on Telegram since April 2025.
-
Unit 42 analysis finds VVS stealer targets Discord users and exfiltrates tokens and browser data
A Unit 42 technical analysis found that VVS stealer, a Python-based malware marketed on Telegram in April 2025, targets Discord and browsers to steal tokens and saved credentials, and exfiltrates them via Discord webhooks.
-
Kaspersky: Tomiris APT increasingly uses Telegram and Discord as command-and-control channels
Kaspersky researchers reported that the Tomiris threat actor has targeted diplomatic and government entities, increasingly using public services like Telegram and Discord as command-and-control channels and deploying multi-language implants and open-source C2 frameworks.
-
Israel agency says Iran-linked APT42 ran espionage campaign targeting officials and family members
Israel’s National Digital Agency says an Iran-linked threat actor known as APT42 has been running a campaign called SpearSpecter since early September 2025 that uses personalised social engineering to target senior officials and their family members and deploys a PowerShell backdoor for persistent access.
-
Discord says support vendor breach exposed customer data
Discord said a compromised third-party customer support vendor exposed support tickets and personal details, including billing data and ID images, and that it cut the vendor’s access, launched an investigation and notified law enforcement.
-
Malicious PyPI package ‘soopsocks’ acted as SOCKS5 proxy and Windows backdoor, researchers say
Researchers say a PyPI package called soopsocks posed as a SOCKS5 proxy but included Windows backdoor capabilities. It was downloaded 2,653 times before removal. The analysis attributes reconnaissance, privilege elevation, firewall changes and data exfiltration to a compiled executable and accompanying scripts.







