The Federal Bureau of Investigation (FBI) has issued a new cybersecurity alert warning organizations about TeamPCP, a cybercriminal group re
seen from United States
seen from United States
seen from Ireland
seen from Canada
seen from Spain
seen from United States

seen from France
seen from Pakistan
seen from United States

seen from United States
seen from Türkiye
seen from United Kingdom

seen from United States
seen from Italy
seen from United Kingdom
seen from Japan

seen from Germany
seen from United States
seen from Türkiye
seen from China
The Federal Bureau of Investigation (FBI) has issued a new cybersecurity alert warning organizations about TeamPCP, a cybercriminal group re
GitHub Woes, Again
I came into this industry rather sideways. My degree is in Biotech, combining chemistry and biology with a close study of genetics. A variety of factors kept me from using my degree professionally, however, including the fact that I didn’t need to; I was a stay at home parent. I began studying cybersecurity in 2021, after divorce necessitated me getting back into the workforce like so many others, but covid changed the way we do business across the board. And this was a job I could do from home. And then I discovered I enjoyed it, and that it bore similarities to my previous work. Digital viruses behave like biological ones in many, many ways. The sort of research I used to do in genetics translates well into puzzling out malware.
I bring all this up because previous to working in the industry, I was just a user myself. I am of an age to remember the early days of the internet, when one scrupulously kept personal information out of any interaction, when coding language was still a proper skill that took time and effort to comprehend, and when the idea of an open source platform advertising free versions of things was automatically assumed to be fraudulent because nothing in life is free. Two of these have shifted in the decades since the internet has become part and parcel of our daily lives. The third...well.
Catalin Cimpanu, the editor of Risky Bulletin newsletter, states that GitHub is starting to have a real malware problem. Starting? Those of us old enough to remember the wild west days of the web have always seen GitHub as a back alley where morally gray deals were made, and all that implies. It’s still a frontier of risk, to my mind. A place where the payoff of cracked code or gamer cheats is balanced by the odds of getting malware out of the deal. Enter at your own risk. Let me put it this way, when I started this job I was somewhat shocked to learn that the site is actually a legitimate source for software, that’s how strongly I considered it a repository (pun fully intended) for trouble.
But that brings me to the point here. CanisterWorm, the latest international cyber threat allegedly being spread by TeamPCP, is using GitHub repositories as a dead drop in order to maintain persistence in compromised devices. Internet Computer Protocol (ICP) canisters that are otherwise tamper-proof, blockchained to host code and data and remain active as long as the owner keeps paying to keep them there are being turned into proxies, essentially.
The malware itself went after exposed Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability when it first became visible in December. Since then it’s moved laterally through victim networks, siphoning authentication credentials and extorting victims over Telegram, according to Krebs On Security’s post from yesterday. Large scale automation and integration of proven techniques is the most common usage of this malware. The security firm Flare’s Assaf Morag wrote, and was quoted by Krebs thus, “The group industrializes existing vulnerabilities, misconfigurations, and recycled tooling into a cloud-native exploitation platform that turns exposed infrastructure into a self-propagating criminal ecosystem.”
The current campaign? A two fold attack against Iranian targets – utilizing their timezone and default language being set to Farsi for specificity – and...everywhere else. The focused attack deploys a wiper that destroys every node it can find if Kubernetes clusters are present, while those incursions falling outside the timezone range simply wipe local systems. There is some question of what TeamPCP’s ultimate goal is. Obviously, wiping local data and destroying clusters is part of it, but their activity at times – like redirecting to a Rick roll video instead of hosting active malware in the ICP canister – leads some to think this attack on Iran is more a grab for attention with something topical than anything truly targeted.
Nevertheless, the fact that they are using what’s becoming a tried and true tactic points to a shift in how threat actors are using the tools available to them. As long as GitHub repositories are platformed the way they are, meaning intentionally designed to be shared and cloned, they will be exploited.
Posted, 3/24/26
هجوم CanisterWorm: تهديدات جديدة تستهدف إيران
هجوم CanisterWorm: تهديدات جديدة تستهدف إيران
Waspada CanisterWorm! Setelah GlassWorm, Malware 'Cacing' Kini Incar Supply Chain npm & GitHub
Waspada CanisterWorm! Malware Cacing Baru yang Mengincar Supply Chain npm dan GitHub Kabarnya ancaman di dunia keamanan siber gak pernah berhenti, dan sekarang muncul satu lagi yang bikin banyak developer gelisah. Namanya CanisterWorm – malware berjenis cacing yang baru terdeteksi pada 20 Maret 2026 oleh tim Aikido Security. Bedanya dari malware biasa, CanisterWorm ini punya cara penyebaran yang…