TeamPCP Deploys CanisterWorm on NPM Following Trivy Compromise

The threat actor TeamPCP published a malicious package named "CanisterWorm" to the NPM registry after compromising a Trivy security scanner instance. The package was designed to propagate automatically by infecting other projects. The attack was detected and documented by Aikido Security.