Web Scouter
Back to News
Security News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

UnknownApr 22, 2026(3 days ago)

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of an ICP canister to exfiltrate the stolen data

Related News

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Unknownabout 1 hour ago

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable

Unknownabout 3 hours ago

CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup

Unknownabout 3 hours ago

Get Personalized Alerts

Track vendors and receive alerts when security incidents affect your supply chain.

What We Monitor

Security Incidents

Data breaches, ransomware, and unauthorized access

Vulnerabilities

CVEs and vendor security advisories

Compliance Updates

Regulatory changes and certification news

Legal News

Privacy laws and enforcement actions

Vendor Directory

Browse our directory of SaaS vendors with security documentation and compliance information.