Hacker News
TeamPCP Campaign Expands Beyond Trivy: CanisterWorm Hits npm Ecosystem, LAPSUS$ Collaboration Suspected
The TeamPCP threat actor behind the Trivy and LiteLLM compromises has expanded operations to the npm ecosystem via a worm called CanisterWorm, leveraging stolen publish tokens. Wiz Research, Datadog Security Labs, Snyk, and Sonatype are all tracking the campaign, which now spans Python (PyPI) and JavaScript (npm) ecosystems. The group is reportedly collaborating with LAPSUS$ on extortion operations. This is no longer an isolated incident — it's a coordinated multi-ecosystem supply chain campaign targeting the AI development toolchain specifically.
Source
↳ Follow the thread