DevOps
- Trivy Supply Chain Attack Escalates: CanisterWorm Self-Spreads to 47 npm Packages
The TeamPCP supply chain attack on Trivy's GitHub Actions has escalated: stolen npm tokens are now fuelling CanisterWorm, a self-propagating worm that has already compromised 47+ npm packages using a decentralised ICP canister as C2.