Skip to content
The Nexus
SECURITYApr 22 · 17:33 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Cybersecurity researchers have identified compromised npm packages delivering a self-propagating worm that steals developer tokens to spread through supply chains. The worm, named CanisterSprawl by Socket and StepSecurity, uses an ICP canister to exfiltrate stolen data.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this