Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Security Aid March 21, 2026 1 minute read

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.
The name is a reference to the fact that the malware uses an ICP canister, which refers to tamperproof smart contracts onThe threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.
The name is a reference to the fact that the malware uses an ICP canister, which refers to tamperproof smart contracts on The Hacker NewsRead More

About The Author

Security Aid

See author's posts

Security Aid

Related Stories

Critical Quest KACE Vulnerability Potentially Exploited in Attacks

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

FBI links Signal phishing attacks to Russian intelligence services