#canisterworm

from Ars Technica
1 week ago

Self-propagating malware poisons open source software and wipes Iran-based machines

CanisterWorm, as Aikido has named the malware, targets organizations' CI/CD pipelines used for rapid development and deployment of software. Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector.
Information security
from The Hacker News
2 weeks ago

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

A supply chain attack on Trivy scanner has led to the emergence of CanisterWorm, compromising numerous npm packages.