Security researchers have identified a highly sophisticated npm supply chain attack dubbed CanisterWorm. Orchestrated by a threat actor tracked as “TeamPCP,” the campaign successfully compromises legitimate npm publisher namespaces. The attackers inject malicious payloads into SDK packages, creating a wormable threat that autonomously spreads across the broader npm ecosystem. Attack Mechanics and Propagation The infection […] The post New CanisterWorm Malware Targets npm Tokens In Supply Chain Campaign appeared first on Cyber Security News.