Bleeping Computer

Malicious PyPi package steals Discord auth tokens from devs

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The ...
Bleeping Computer

Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs

Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor ...