fromThe Hacker News
2 days agonpm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers to exfiltrate data to a channel under their control. "Importantly, webhook URLs are effectively write-only," Socket researcher Olivia Brown said in an analysis. "They do not expose channel history, and defenders cannot read back prior posts just by knowing the URL."
Information security