Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Updated on March 21, 2026

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.
The name is a reference to the fact that the malware uses an ICP canister, which refers to tamperproof smart contracts on…

Read the rest of the story at Read More

Source: The Hacker News

September 8, 2025 Uncategorized

You Didn’t Get Phished — You Onboard...

February 11, 2026 Uncategorized

Microsoft Patches 59 Vulnerabilities Inc...

December 19, 2023 Uncategorized

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Related posts

You Didn’t Get Phished — You Onboard...

Microsoft Patches 59 Vulnerabilities Inc...

8220 Gang Exploiting Oracle WebLogic Ser...

Leave a Comment Cancel reply

Recent News

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks