Supply Chain Security

3 articles in this category

AI NewsSupply Chain SecurityMalware

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm has infected 47 npm packages, using ICP canisters for C2 resolution and self-propagating via stolen developer authentication tokens.

Mar 21, 2026

AI NewsSupply Chain SecurityAI Tools

Cline CLI 2.3.0 Supply Chain Attack: OpenClaw Installed via Compromised NPM Token

Cline CLI 2.3.0 was compromised via a stolen npm token to install OpenClaw, affecting approximately 4,000 downloads during an eight-hour window on February 17, 2026.

Feb 20, 2026

AI NewsCybersecuritySupply Chain Security

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

A worm-like attack flooded npm with 67,579 fake packages over two years, exploiting manual execution to evade detection.

Nov 13, 2025