Cicd
- Trivy Supply Chain Attack Escalates: CanisterWorm Self-Spreads to 47 npm Packages
The TeamPCP supply chain attack on Trivy's GitHub Actions has escalated: stolen npm tokens are now fuelling CanisterWorm, a self-propagating worm that has already compromised 47+ npm packages using a decentralised ICP canister as C2.
- Sweden's E-Government Source Code Is Circulating Online. The Entry Point Was a Jenkins Server.
ByteToBreach compromised CGI Sverige AB and leaked the source code of Sweden's E-plattform -- the digital identity system used across Swedish government authorities. The attack chain started at a misconfigured Jenkins server and required nothing novel.
- n8n RCE: What CISA's KEV Addition Reveals About AI Workflow Tool Security
CISA has added CVE-2025-68613, a critical RCE in n8n, to its Known Exploited Vulnerabilities catalogue. With 24,700+ unpatched instances still online, this is an active threat -- and it exposes a structural problem with self-hosted AI tooling.
- PhantomRaven: How a Four-Wave npm Campaign Used Remote Dynamic Dependencies to Beat Package Scanning
PhantomRaven ran four waves of malicious npm packages from August 2025 to February 2026, stealing developer credentials via a technique called Remote Dynamic Dependencies that places the payload outside the package -- making it invisible to every scanner that inspects package contents.
- Five Malicious Rust Crates and an AI Bot: A Coordinated Supply Chain Attack
In February and March 2026, attackers published five malicious Rust crates to crates.io and used an AI-powered bot to exploit GitHub Actions CI/CD pipelines -- stealing .env secrets and Personal Access Tokens from open source maintainers.