Post content
🛑 Supply chain attacks are stacking across npm, PyPI, and GitHub. CanisterSprawl worm steals npm tokens via postinstall scripts, republishes infected packages, and spreads across ecosystems. Other campaigns add backdoored packages, LLM proxy abuse, and GitHub Actions exploits. 🔗 Read → https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html