my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #KICS

CanisterWorm: How TeamPCP Hijacked Your Security Scanners and Built an Untakeable Botnet

John Z Black Mar 24, 2026

Threat Intelligence #supply-chain #TeamPCP #CanisterWorm #Kubernetes #CI/CD #npm #Trivy #KICS #wiper

TeamPCP compromised Trivy and KICS CI/CD scanner tags, spread CanisterWorm to 47 npm packages, and deployed a Kubernetes wiper targeting Iranian timezones -- all controlled via blockchain C2 that can't be taken down.

Read More