# OSINT Post — @thehackernews msg 8645

*Saturday, March 21, 2026 at 7:30 AM UTC — Hamer Intelligence Services Desk*

**Posted**: 2026-03-21T07:30:28.000Z (2mo ago)
**Fetched**: 2026-03-21T21:32:24.268Z (2mo ago)
**Views**: 4
**Media**: photo
**Link**: https://t.me/thehackernews/8645
**Permalink**: https://hamerintel.com/data/posts/2492.md
**Source**: https://hamerintel.com/sources

---

⚠️ WARNING - A Trivy-linked supply chain attack has escalated into a self-propagating npm worm now spreading across dozens of packages.It steals npm tokens, republishes itself, and spreads through developer machines and CI. Uses an ICP canister to rotate payloads and resist takedowns.🔗 How the worm spreads and updates payloads → https://thehackernews.com/2026/03/trivy-supply-chain-attack-triggers-self.html