New PyPI Package Zlibxjson Steals Discord, Browser Data
According to Fortinet, PyPI package Zlibxjson steals Discord tokens and browser data, including passwords and extensive user information
Password security helps prevent unauthorized access, while weak or reused credentials can expose accounts, systems, and sensitive data.
Search across headline titles and summaries.
Background for this topic.
Passwords are secret strings used to verify identity and control access to accounts, devices, applications, and services. They remain a common authentication method, but their security depends mainly on secrecy, length, and uniqueness rather than predictable complexity rules. A password reused across services can expose multiple accounts if one service is compromised; short, common, or previously leaked passwords are more susceptible to guessing and automated credential-stuffing attacks.
Practical defenses include using a password manager to generate and store a distinct, long password for each service, blocking known compromised passwords, and enabling multi-factor authentication (MFA) where available. Organizations should protect stored passwords with slow, salted one-way hashing, restrict and monitor authentication attempts, and provide secure recovery processes. Password changes are most useful after suspected compromise or exposure, rather than as routine changes that encourage predictable variations. Security teams should also treat password databases and reset mechanisms as sensitive assets during vulnerability assessment and incident response.
According to Fortinet, PyPI package Zlibxjson steals Discord tokens and browser data, including passwords and extensive user information
A network of more than 2,600 Telegram bots has helped exfiltrate one-time passwords and data from devices for more than two years.
A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least February 2022 as part of a large-scale campaign
A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services. [...]
Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild