CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines

First reported
Last updated
5 unique sources, 8 articles

Summary

Hide ▲

Supply chain compromise in the Trivy vulnerability scanner triggered the CanisterWorm propagation across CI/CD pipelines, now expanding to additional open-source ecosystems and involving multiple advanced threat actors. The TeamPCP threat group continues to monetize stolen supply chain secrets through partnerships with extortion groups including Lapsus$ and the Vect ransomware operation, with Wiz (Google Cloud) and Cisco confirming collaboration and horizontal movement across cloud environments. A new npm supply chain malware campaign discovered on April 24, 2026, shows self-propagating worm-like behavior via @automagik/genie and pgserve packages, stealing credentials and spreading across developer ecosystems while using Internet Computer Protocol (ICP) canisters for command and control. The malware shares technical similarities with prior TeamPCP campaigns, including post-install scripts and canister-based infrastructure, potentially indicating ongoing evolution of the threat actor's tactics or a new campaign leveraging established infrastructure. The Axios NPM package compromise via malicious versions 0.27.5 and 0.28.0 delivered a multi-platform RAT through a malicious dependency impersonating crypto-js, with attribution disputes suggesting either TeamPCP involvement or North Korean actor UNC1069 (Google's Threat Intelligence Group). Cisco's internal development environment was breached using stolen Trivy-linked credentials via a malicious GitHub Action, resulting in the theft of over 300 repositories including proprietary AI product code and customer data from banks, BPOs, and US government agencies. Multiple AWS keys were abused across a subset of Cisco's cloud accounts, with multiple threat actors participating in the breach.

Timeline

  1. 31.03.2026 23:55 2 articles · 24d ago

    UNC1069 attributed to Axios NPM package supply chain compromise via precision attack

    The Axios JavaScript NPM package compromise via malicious versions 0.27.5 and 0.28.0 delivered a multi-platform RAT through a malicious dependency named 'plain-crypto-js', executing platform-specific second-stage payloads before anti-forensic cleanup. The attack originated from compromise of the lead maintainer's account 'jasonsaayman', bypassing Axios' OIDC-based publishing pipeline. Google's Threat Intelligence Group attributes the incident to suspected North Korean actor UNC1069, indicating a potential shift from initial TeamPCP attribution and suggesting actor diversification or false-flag operations in the expanding supply chain campaign targeting open-source ecosystems.

    Show sources
    Open in new tab
  2. 31.03.2026 20:53 3 articles · 24d ago

    Cisco dev environments breached using Trivy-linked malicious GitHub Actions

    Cisco's internal development environment breach linked to the Trivy supply chain compromise continues to reveal broader impacts, with the theft of over 300 repositories including proprietary AI product code and code belonging to corporate customers such as banks, BPOs, and US government agencies. Attackers used stolen AWS keys to conduct unauthorized activities across a subset of Cisco's AWS accounts, with multiple threat actors observed participating in the breach. This phase is further supported by ongoing investigations into the operational sophistication of the Trivy-linked attacks, including the use of malicious GitHub Actions and the breadth of exfiltrated data across cloud-native environments.

    Show sources
    Open in new tab
  3. 23.03.2026 15:14 6 articles · 1mo ago

    CanisterWorm propagates via compromised Trivy scanner in CI/CD pipelines

    CanisterWorm continues evolving its propagation mechanisms beyond the initial Trivy-based compromise, with new evidence of self-propagating npm malware campaigns using @automagik/genie and pgserve packages that steal credentials and spread via developer ecosystems. Socket research identifies worm-like behavior including npm token extraction, malicious package injection, and republish attempts, along with PyPI propagation capability via .pth file injection. The malware uses dual exfiltration channels (HTTPS webhook and ICP canisters) and targets sensitive data including cloud credentials, CI/CD tokens, SSH keys, browser-stored secrets, and cryptocurrency wallets—features that mirror prior TeamPCP-linked campaigns and infrastructure patterns, suggesting either ongoing evolution of TeamPCP's tactics or a new campaign leveraging established techniques and command-and-control infrastructure.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Compromise of CPUID distribution channels delivers trojanized system monitoring tools

A threat actor compromised CPUID’s distribution infrastructure to deliver trojanized versions of CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor between April 9–10, 2026, deploying the STX RAT alongside a multi-stage installer using DLL side-loading. The compromise lasted approximately 19 hours, affecting at least 150 victims across multiple sectors and geographies, with the attackers reusing infrastructure and tactics from a prior FileZilla campaign. CPUID confirmed the breach was limited to distribution links and has since restored clean versions, though the developer’s unavailability during the incident may have contributed to the prolonged exposure.

Open in new tab

Targeted social engineering of Axios maintainer enables UNC1069 npm supply chain compromise via WAVESHAPER.V2 implant

A maintainer of the widely used Axios npm package was targeted in a highly tailored social engineering campaign attributed to North Korean threat actor UNC1069, resulting in the compromise of npm account credentials and the publication of two trojanized versions of Axios (1.14.1 and 0.30.4). Google Threat Intelligence Group (GTIG) attributed the attack to UNC1069 based on the use of WAVESHAPER.V2 and infrastructure overlaps with past activities. The malicious packages were available for roughly three hours and injected a plain-crypto-js dependency that installed a cross-platform RAT, enabling credential theft and downstream compromise. The campaign also targeted additional maintainers, including Pelle Wessman (Mocha framework) and Node.js core contributors, revealing a coordinated effort against high-impact maintainers. The intrusion began with reconnaissance-driven impersonation of a legitimate company founder, engagement via a cloned Slack workspace and Microsoft Teams call, and execution of a fake system update that deployed the RAT. Post-incident, the maintainer reset devices, rotated all credentials, adopted immutable releases, introduced OIDC-based publishing flows, and updated GitHub Actions workflows to mitigate future risks.

Open in new tab

Drift Protocol administrative takeover and $285 million loss via Security Council manipulation on Solana

The April 1, 2026, $285 million Drift Protocol loss was part of a broader campaign by North Korea-linked Lazarus Group (TraderTraitor) targeting DeFi protocols. On April 18, 2026, the group executed a $290 million heist against KelpDAO by exploiting its cross-chain verification layer (DVN) via compromised RPC nodes, falsified data injection, and DDoS attacks, laundering funds through Tornado Cash. The attack paused KelpDAO’s rsETH contracts, froze Aave’s rsETH collateral usage, and was isolated to rsETH without broader contagion. Drift Protocol’s Security Council hijacking, attributed to UNC4736 (AppleJeus/Labyrinth Chollima), and KelpDAO’s DVN compromise both align with Lazarus Group’s pattern of sophisticated state-sponsored attacks on DeFi infrastructure.

Open in new tab

Supply chain compromise of axios npm package delivers cross-platform RATs via malicious dependency

A North Korea-nexus threat actor (UNC1069) compromised the npm account of axios maintainer Jason Saayman via a two-week social engineering campaign and published malicious axios versions v1.14.1 and v0.30.4 containing the plain-crypto-js dependency to deliver cross-platform RATs with full unilateral control capabilities, bypassing 2FA. The attack’s blast radius has expanded beyond developer ecosystems after OpenAI revealed that a GitHub Actions workflow used for macOS app signing downloaded the malicious axios library, prompting OpenAI to revoke its macOS app certificate as a precaution despite no evidence of compromise. This incident underscores the escalating risks of supply chain compromises, with Google warning that hundreds of thousands of stolen secrets from the axios and Trivy attacks could fuel further software supply chain attacks, SaaS compromises, ransomware, and cryptocurrency theft. The campaign reflects an industrialized social engineering model targeting high-value individuals and open source maintainers, leveraging AI-enhanced trust-building and matured attacker tooling. Additional supply chain attacks in March 2026, such as the compromise of Trivy by TeamPCP (UNC6780), have compounded the threat landscape, exposing organizations like the European Commission and Mercor to downstream risks.

Open in new tab

Ongoing Ghost Cluster Targets npm and GitHub in Multi-Stage Credential and Crypto Wallet Theft Campaign

A coordinated campaign tracked as Ghost continues to target developers via malicious npm packages and GitHub repositories to deploy credential stealers and cryptocurrency wallet harvesters. The operation leverages social engineering and multi-stage infection chains, including fake installation wizards that request sudo/administrator privileges and deceptive npm logs simulating dependency downloads and progress indicators. Stolen data—including browser credentials, crypto wallets, SSH keys, and cloud tokens—is exfiltrated to Telegram channels and BSC smart contracts. The campaign employs a dual monetization model combining credential theft via Telegram channels with affiliate link redirections stored in a BSC smart contract. Malicious npm packages first appeared under the user 'mikilanjijo', with operations beginning as early as February 2026 and expanding to at least 11 packages such as react-performance-suite and react-query-core-utils. The final payload is a remote access trojan that downloads from Telegram channels, decrypts using externally retrieved keys, and executes locally using stolen sudo passwords to harvest credentials and deploy GhostLoader.

Open in new tab