
Thursday 23 April 2026

The npm Worm That Spreads Itself: Supply Chain Attacks Just Got Scarier

A self-replicating worm is quietly colonising npm; ransomware gangs are experimenting with post-quantum crypto; and SpaceX just offered $60 billion for an AI coding tool.

Lead story

Something new and genuinely unsettling landed in the npm ecosystem this week. Researchers at Socket and StepSecurity independently identified a supply chain attack — tracked as CanisterSprawl — that doesn't just infect packages and wait. It actively spreads itself.

Here's how it works. Malicious code embedded in compromised npm packages steals the developer's authentication tokens. It then uses those stolen credentials to publish further poisoned packages under the victim's own account — turning every compromised developer into an unwitting distribution node. The stolen tokens are exfiltrated to an ICP (Internet Computer Protocol) canister, a decentralised backend that's harder to take down than a traditional command-and-control server. Think of it as ransomware logic applied to a package registry: each new victim becomes part of the infection apparatus.

This is qualitatively different from the typical supply chain compromise, where an attacker quietly slips malicious code into a popular library and waits for downstream developers to pull it in. CanisterSprawl has a self-propagation mechanism — a worm, in the classical sense. That's a meaningful escalation in the threat model for open-source ecosystems.

The npm registry is a spectacularly attractive target. It hosts over three million packages and sees billions of downloads a week. Even a modestly popular package with a poisoned dependency can reach tens of thousands of development environments almost instantly. And because developers generally trust packages published by known maintainers, a token-theft-and-republish attack is almost perfectly camouflaged — the provenance looks legitimate because it technically is.

The ICP canister choice for exfiltration is worth noting. Blockchain-based infrastructure is increasingly being exploited for C2 and data theft precisely because traditional security tooling struggles with it. You can't just null-route a domain or take down a server. It's a technique that's been maturing quietly, and CanisterSprawl appears to be one of the more sophisticated deployments seen in the wild.

What defenders should do right now: audit your npm token permissions and rotate any that aren't scoped to the minimum necessary access. Enable npm's granular token controls and consider requiring publish attestation for any packages your organisation maintains. If you run a CI/CD pipeline, treat your npm tokens like production secrets — because attackers already do.
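One way to start the token audit described above is to check that no `.npmrc` file in a repository or CI workspace carries a credential as a literal value rather than as an environment reference such as `${NPM_TOKEN}`. This is an added example, not code from Socket, StepSecurity or npm; the function name `auditNpmrc` and the sample file contents are constructed for illustration.

```javascript
// Added example: flag credentials stored as literals in .npmrc content.
// The sample input is constructed; the token values are placeholders.
const CREDENTIAL_KEYS = /(^|:)(_authToken|_auth|_password)$/;
const ENV_REFERENCE = /^\$\{[A-Za-z_][A-Za-z0-9_]*\??\}$/;

// Never echo a full secret into audit output.
function redact(value) {
  return value.length <= 8 ? '***' : `${value.slice(0, 4)}***${value.slice(-2)}`;
}

function auditNpmrc(text, source = '.npmrc') {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, index) => {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) return; // comments
    const eq = line.indexOf('=');
    if (eq === -1) return;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim().replace(/^["']|["']$/g, '');
    if (!CREDENTIAL_KEYS.test(key)) return;
    if (ENV_REFERENCE.test(value)) return; // resolved from the environment at run time
    findings.push({
      source,
      line: index + 1,
      key,
      // Registry-scoped keys look like //host/path/:_authToken
      registry: key.startsWith('//') ? key.slice(2, key.lastIndexOf(':')) : '(global)',
      value: redact(value),
    });
  });
  return findings;
}

const SAMPLE_NPMRC = [
  '# constructed sample',
  'registry=https://registry.npmjs.org/',
  '//registry.npmjs.org/:_authToken=npm_EXAMPLEplaceholder0000000000',
  '//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}',
  '; legacy basic-auth form',
  '_auth="ZXhhbXBsZTpwbGFjZWhvbGRlcg=="',
].join('\n');

for (const f of auditNpmrc(SAMPLE_NPMRC)) {
  console.log(`${f.source}:${f.line} literal ${f.key} for ${f.registry} (${f.value})`);
}
```

Any token this reports should be rotated and replaced with a narrowly scoped one injected from the CI secret store.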

This also lands the same week that malicious Docker images were pushed to the official Checkmarx KICS repository on Docker Hub, overwriting existing tags with trojanised versions. The timing is coincidental but illustrative: software supply chains are under sustained, coordinated pressure from multiple directions simultaneously.

The broader question this raises is whether current SBOM (Software Bill of Materials) practices are keeping pace. A separate analysis published this week argues they're not — that SBOMs generate plenty of data but lack the governance layer needed to turn that data into actionable decisions. CanisterSprawl is a perfect illustration of the gap: your SBOM tells you what's in your dependency tree, but it won't flag that the publisher's account was hijacked and the package was re-signed with stolen credentials five minutes ago.

Watch for: whether npm (owned by GitHub, owned by Microsoft) introduces stricter publish-flow controls in response, and whether the ICP community takes action against canisters used for malicious exfiltration. Neither has a strong precedent for rapid intervention here.

Also today

France's ID Agency Breached — Up to 19 Million Records Claimed Stolen

France Titres, the government body responsible for issuing passports, national identity cards, and driving licences, has confirmed a data breach after a threat actor claimed to have exfiltrated records on up to 19 million French citizens. The agency acknowledged the incident while investigations continue, though it hasn't confirmed the claimed scope of the theft. This is a particularly sensitive breach given the nature of the data — identity documents are the bedrock of French civil administration, and stolen records could fuel identity fraud for years. French police have separately arrested a suspect believed to be behind dozens of related attacks on public institutions.

TechCrunch

Kyber Ransomware Brings Post-Quantum Encryption to the Attack Side

A newly identified ransomware group is experimenting with Kyber1024 — a NIST-approved post-quantum key encapsulation algorithm — in at least one variant of its Windows and VMware ESXi malware. The practical encryption impact is minimal for now, since symmetric AES still does the heavy file-scrambling, but the use of a quantum-resistant key exchange suggests attackers are thinking ahead to a future where decryption might theoretically be reversed by quantum computers. It's more proof-of-concept than operational threat at this stage, but it signals that ransomware operators are paying close attention to the post-quantum migration debate happening in enterprise security.

Bleeping Computer

Claude Mythos Found 271 Firefox Bugs — But CISA Wasn't Invited

Anthropic's AI-powered vulnerability research tool, Mythos, identified 271 security flaws in Firefox during a preview programme involving several US federal agencies. Mozilla noted the findings were serious but consistent with what a highly skilled human researcher could find — not a step-change in capability, but a meaningful acceleration. More awkwardly, it's emerged that CISA — the US government's central cybersecurity body — was excluded from the Mythos preview, while agencies like the Commerce Department and NSA were given access. The omission is baffling given CISA's national coordination role, and appears to reflect ongoing institutional turbulence at the agency.

SecurityWeek

Dutch Intelligence: China's Cyber Capabilities Now Match the US

The Dutch General Intelligence and Security Service (AIVD) has published a blunt assessment: China's offensive cyber capabilities are now broadly equivalent to those of the United States, and the threat is largely going undetected by both intelligence agencies and private-sector defenders. The assessment describes Chinese operations as sufficiently sophisticated that they regularly slip through without attribution. It arrives alongside warnings from the UK NCSC chief that Britain is handling four nationally significant cyber incidents every week, with the majority now traced to Russia, Iran, and China rather than criminal groups — a notable shift in the threat landscape.

The Record

North Korean Hackers Used AI to Steal $12M in Three Months

A North Korean threat group stole up to $12 million in cryptocurrency during the first quarter of 2026, and researchers say AI tools played a central role in the campaign. The group used AI for everything from generating convincing fake company websites to "vibe coding" malware — producing functional attack tools with minimal traditional programming expertise. The findings are significant because they suggest AI is meaningfully lowering the bar for less technically proficient state-sponsored hackers, effectively multiplying the threat surface without requiring a commensurate increase in skill. Crypto and venture capital firms remain the primary targets.

WIRED Security

Lotus Wiper Malware Targeted Venezuela's Energy Grid

Kaspersky researchers have documented a previously unknown data wiper, dubbed Lotus Wiper, that was deployed against Venezuela's energy and utilities sector in late 2025 and early 2026. The malware used batch scripts to overwrite drives, destroy recovery mechanisms, and systematically delete files — a design focused on making systems unrecoverable rather than extracting data. The timing, preceding US intervention in the region, adds geopolitical weight to the incident. Wiper malware against critical infrastructure has become a recurring playbook in conflicts with cyber dimensions, and this represents one of the first documented cases targeting Latin American energy systems at this scale.

The Record

SpaceX Tables $60B Acquisition Offer for AI Coding Tool Cursor

Cursor, the AI-powered coding assistant that had been in the final stages of closing a $2 billion funding round, abruptly halted those discussions after SpaceX tabled an offer that included a $10 billion "collaboration fee" and a path to a $60 billion full acquisition. The deal would give SpaceX a serious coding AI capability as it pushes deeper into autonomous engineering workflows. It also exposes a shared weakness: neither Cursor nor SpaceX's xAI has frontier models that match Anthropic's Claude or OpenAI's offerings — the same companies now competing directly with Cursor in the developer tools market. Stratechery's Ben Thompson argues the deal reflects Apple's hardware-first future freeing up Cursor to bet on a different computing paradigm.

TechCrunch

OpenAI Launches Workspace Agents for Business ChatGPT

OpenAI has rolled out Codex-powered "workspace agents" for Business, Enterprise, Edu, and Teachers plan subscribers — cloud-based bots that can automate multi-step workflows across tools like Gmail, Slack, and internal databases without constant human oversight. Example use cases include agents that monitor the web for product feedback and post summaries to Slack, or sales agents that draft follow-up emails automatically. The launch puts OpenAI in more direct competition with Google's Gemini agent platform and Anthropic's Claude for enterprise automation budgets. It also deepens the question of how organisations govern what these agents are permitted to do autonomously.

OpenAI Blog

Google's New TPUs Take Aim at Nvidia — and Mira Murati's Startup Bets on Them

Google unveiled two new Tensor Processing Unit families at Cloud Next in Las Vegas — one optimised for training, one for inference — promising faster performance and lower costs than previous generations. The announcement was accompanied by news that Mira Murati's Thinking Machines Lab has signed a multibillion-dollar deal to run on Google Cloud infrastructure powered by Nvidia's GB300 chips, not the new TPUs. The TPU launch is Google's clearest signal yet that it wants enterprises to reduce Nvidia dependency, but the fact that even a Google-aligned startup chose Nvidia hardware for its flagship workloads tells you the competitive gap isn't closed yet.

TechCrunch

Microsoft Emergency Patch: Critical ASP.NET Core Privilege Escalation Flaw

Microsoft pushed an out-of-band update to fix CVE-2026-40372, a critical privilege escalation vulnerability in ASP.NET Core scoring 9.1 on the CVSS scale. The flaw stems from improper verification of cryptographic signatures, and it affects macOS and Linux deployments in addition to Windows — an increasingly common pattern as .NET becomes more cross-platform. The patch was released outside Microsoft's normal monthly cycle, signalling the company views exploitation risk as urgent. Organisations running ASP.NET Core applications on any platform should treat this as a high-priority update regardless of their standard patching cadence.

Bleeping Computer

CISA Director Nominee Withdraws After More Than a Year of Waiting

Sean Plankey, the White House's pick to lead the Cybersecurity and Infrastructure Security Agency, has withdrawn his nomination after waiting over a year without a confirmation hearing being scheduled. The withdrawal leaves CISA — already weakened by budget cuts and staff departures — without a confirmed director at a moment when the UK, Dutch, and US intelligence communities are all issuing unusually direct warnings about nation-state cyber threats. The agency now faces a leadership vacuum precisely when its coordination role is most needed. There's no immediate indication of who the administration will nominate next, or when.

CyberScoop
