The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.The name is a reference to the fact that the malware uses an ICP canister, which refers to tamperproof smart contracts on
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/03/trivy-supply-chain-attack-triggers-self.html
