The tool you use to check if your code is secure just became the way attackers got in.
Trivy is one of the most widely used vulnerability scanners in DevOps. Millions of developers rely on it to find security issues in containers, code, and infrastructure. On March 19, it was compromised.
A group called TeamPCP injected credential-stealing malware into official Trivy releases and GitHub Actions. Every developer who ran Trivy during the compromised window did not scan for vulnerabilities. They installed one.
Then it got worse.
CanisterWorm
The initial compromise spawned something new: CanisterWorm. A self-propagating npm worm that stole developer tokens from infected machines, then used those tokens to publish malicious versions of the developer’s own packages.
141 package artifacts across 66 npm packages were infected. Each infected package then infected whoever installed it. Self-propagating. Automatic. Silent.
The novel part: CanisterWorm used an Internet Computer blockchain canister as its command-and-control server. Not a traditional server that can be taken down. A decentralized, immutable smart contract that cannot be easily killed.
This is the first documented attack to use blockchain as a C2 dead-drop resolver. The attackers learned from every previous takedown and designed a system that resists the standard response playbook.
The irony that keeps me up at night
A vulnerability scanner. A tool whose entire purpose is security. Became the attack vector.
This is not like a random npm package being compromised. This is the tool that guards the gate being turned into the thing that opens it. Every developer who ran Trivy was doing the responsible thing. They were checking their code for problems. And that act of responsibility is what got them compromised.
If you cannot trust your security tools, what can you trust?
What this means for everyone
The supply chain attack surface in software is now the most dangerous vector in the industry. It is not about your code anymore. It is about every tool, every dependency, every GitHub Action, every CI pipeline component that touches your code.
The attack chain: compromised scanner → stolen tokens → infected packages → infected downstream users → more stolen tokens → more infected packages. Each link is automated. Each link is silent. Each link multiplies.
One compromised tool. 141 infected packages. Thousands of potentially compromised environments. And a blockchain-based C2 that is still running because you cannot send a takedown notice to a smart contract.
The lesson nobody wants to hear
Security is not a product you install. It is not a scanner you run. It is not a checkbox on a compliance form.
The moment you trust a tool completely is the moment it becomes your biggest vulnerability. Because attackers know what you trust, and that is exactly where they aim.
Sources: The Hacker News, Wiz, Mend.io
[Draft: Awaiting Carlos’s twist]