SECURITYTHE HACKER NEWS
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Cybersecurity researchers have identified compromised npm packages delivering a self-propagating worm that steals developer tokens to spread through supply chains. The worm, named CanisterSprawl by Socket and StepSecurity, uses an ICP canister to exfiltrate stolen data.