A new wave of supply chain attacks is hitting the npm ecosystem through a self-propagating malware campaign known as CanisterWorm. The threat, linked to a group tracked as “TeamPCP,” compromises legitimate publisher namespaces and pushes poisoned package versions, effectively turning trusted developer tools into silent delivery mechanisms for credential-stealing code. CanisterWorm first came to public […] The post New CanisterWorm Steals npm Tokens and Spreads Through Compromised Publisher Accounts appeared first on Cyber Security News.