Post #8645

⚠️ WARNING - A Trivy-linked supply chain attack has escalated into a self-propagating npm worm now spreading across dozens of packages. It steals npm tokens, republishes itself, and spreads through developer machines and CI. Uses an ICP canister to rotate payloads and resist takedowns. 🔗 How the worm spreads and updates payloads → https://thehackernews.com/2026/03/trivy-supply-chain-attack-triggers-self.html