devtake.dev
AI Security Open Source Hardware Apple Policy
Product

CanisterWorm

RSS
2 articles First covered Apr 18, 2026, latest Apr 28, 2026
Socket security research card promoting the CanisterWorm Namastex compromise analysis.
Security·

Another npm worm: CanisterWorm hits 16 Namastex packages and reaches PyPI on the same hop

Socket flagged a self-propagating worm in @automagik/genie, pgserve, and 14 sibling Namastex Labs packages. It steals 40 credential categories and republishes itself.

Trivy logo, the open-source vulnerability scanner from Aqua Security
Security·

Trivy got hijacked: 75 of 76 version tags rewrote to drop a CI secret-stealer

Attackers force-pushed 75 of 76 trivy-action tags to a malicious commit. Pinning by tag turned a trusted scanner into an infostealer for CI pipelines.