Security News

Cybersecurity news aggregator

⚔️
HIGH Attacks Reddit r/netsec

Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets Attackers

npmci-cdgithubbackdoorsoftware-compromise
The article describes a supply chain attack where threat actors compromised the npm publisher accounts for @emilgroup and @teale.io, deploying a backdoor across 29+ packages. The attack used a worm-like mechanism to spread between these accounts and leveraged an Internet Computer Protocol (ICP) canister to deliver subsequent malicious payloads to compromised CI/CD environments. Specific version ranges, CVSS scores, and patching guidance are not provided in the source material.
Read Full Article →

Research / Security News CanisterWorm: npm Publisher Compromise Deploys Backdoor Across 29+ Packages The worm-enabled campaign hit @emilgroup and @teale.io, then used an ICP canister to deliver follow-on payloads. By Socket Research Team - Mar 20, 2026

Related Articles

HIGH Trusted by default: The npm attack pattern security teams miss SC Media HIGH Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft Microsoft Security Blog HIGH Grafana Labs Says Code Breach Stemmed from TanStack Attack Infosecurity Magazine MEDIUM STARDUST CHOLLIMA Likely Compromises Axios npm Package CrowdStrike
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn