Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Ravie LakshmananMar 21, 2026Malware / Threat Intelligence The threat actors behind the supply chain attack targeting the popular Trivy scanner...
supply
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster...
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily...
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index...
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Ravie LakshmananFeb 02, 2026Developer Tools / Malware Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open...
