{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreicmyxjspy6k7gkv6nbr6t7mhdivlry3g7v4tceb3zrg7jmkm6wcau",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mhkldluvo5v2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreih2zjrhkdfqaktkq3uvxhnbd5ik3so2a4f6zkkstgfwgjg44rgef4"
    },
    "mimeType": "image/jpeg",
    "size": 429111
  },
  "path": "/2026/03/trivy-supply-chain-attack-triggers-self.html",
  "publishedAt": "2026-03-21T07:28:00.000Z",
  "site": "https://thehackernews.com",
  "textContent": "The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.\nThe name is a reference to the fact that the malware uses an ICP canister, which refers to tamperproof smart contracts on",
  "title": "Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages"
}