https://cybercrime.club/tags/worm/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usThu, 23 Apr 2026 07:09:28 -0400https://cybercrime.club/posts/canistersprawl-pgserve-npm-pypi-worm-icp-exfil/Thu, 23 Apr 2026 07:09:28 -0400https://cybercrime.club/posts/canistersprawl-pgserve-npm-pypi-worm-icp-exfil/Malicious pgserve, automagik, xinference, and kube-health releases drop a 1,143-line postinstall stealer that re-publishes itself using stolen npm tokens and exfiltrates to a decentralized ICP canister.supply-chain