Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Updated on March 21, 2026

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.
The name is a reference to the fact that the malware uses an ICP canister, which refers to tamperproof smart contracts on…

Read the rest of the story at Read More

Source: The Hacker News

December 17, 2025 Uncategorized

SonicWall Fixes Actively Exploited CVE-2...

November 11, 2025 Uncategorized

GootLoader Is Back, Using a New Font Tri...

November 28, 2024 Uncategorized

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Related posts

SonicWall Fixes Actively Exploited CVE-2...

GootLoader Is Back, Using a New Font Tri...

U.S. Telecom Giant T-Mobile Detects Netw...

Leave a Comment Cancel reply

Recent News

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks