Between April 21–23, 2026, three coordinated supply chain attacks targeted npm, PyPI, and Docker Hub with a single objective: stealing secrets from developer environments and CI/CD pipelines. Campaign 1 compromised official Checkmarx KICS Docker images and VS Code extensions, harvesting GitHub tokens, AWS/Azure/GCP credentials, SSH keys, and environment variables. Campaign 2 (CanisterSprawl) injected a self-propagating worm into the pgserve npm package that steals publish tokens, republishes itself to victim packages, and can jump to PyPI if a token is found — using an Internet Computer Protocol canister as a decentralized C2. Campaign 3 saw three consecutive malicious releases of xinference on PyPI attributed to TeamPCP, stealing SSH keys, cloud credentials, and crypto wallets. All three attacks focused on credential exfiltration rather than disrupting builds, and teams are urged to audit what secrets were accessible and rotate them immediately.
Table of contents
Campaign 1 - Checkmarx KICS: Compromised Security Scanner Turns on Its UsersCampaign 2 - CanisterSprawl: A Worm That Turns Developer Machines into LaunchpadsCampaign 3 - xinference: TeamPCP Returns to PyPIThe Common ThreadSort: