Compromised Namastex npm packages spread CanisterWorm in TeamPCP-style supply chain attack
VPN Central [Unofficial]
April 22, 2026
A new npm supply chain attack hit packages tied to Namastex.ai, turning trusted package names into delivery vehicles for CanisterWorm, a self-propagating backdoor that steals credentials and republishes infected packages from compromised publisher accounts. Socket researchers say the malicious Namastex releases match the same tradecraft seen in earlier CanisterWorm activity, which had already spread across […]
The post Compromised Namastex npm packages spread CanisterWorm in TeamPCP-style supply chain attack appeared first on VPN Central.
Discussion in the ATmosphere