Cybersecurity researchers identified a supply chain worm called CanisterSprawl that hijacked npm packages to steal developer tokens. The malicious code, detected by Socket and StepSecurity, spreads via a self-propagating mechanism using stolen npm tokens and exfiltrates data through an ICP canister. The attack highlights ongoing risks in software supply chain security.
XRP approaches a key resistance at $1.53, with momentum building for a breakout. Failure to surpass this level could trigger a sell-off, especially if Bitcoin's rally stalls. Technical signals suggest XRP is at a critical juncture, with support at $1.39. A breakout could push XRP toward $1.60, but rejection risks a decline to $1.09.
The U.S. Indo-Pacific Command is running a live Bitcoin node and conducting operational tests on the Bitcoin protocol to enhance military network security, according to Admiral Samuel Paparo. As of April 2026, these efforts aim to improve cybersecurity for military networks in the Indo-Pacific region, marking a notable integration of blockchain technology into defense infrastructure.
SparkLend has seen over $1 billion in deposits since the Kelp exploit, which involved borrowing $190 million in WETH using unbacked rsETH. Meanwhile, Aave's total value locked (TVL) has dropped by $10 billion. The incident highlights risks in DeFi protocols and the impact of exploits on investor confidence and platform stability.
Cybersecurity firm Socket warned on April 22, 2026, about malicious Docker images and VS Code extensions targeting Checkmarx's supply chain. Attackers overwrote tags like v2.1.20 and alpine in the official "checkmarx/kics" Docker Hub repository, and added a fake v2.1.21 tag, posing security risks to users relying on these images and extensions.
Microsoft is integrating Anthropic’s Claude Mythos into its Security Development Lifecycle (SDL) to enhance vulnerability detection. Announced on April 7, Mythos has already identified thousands of major security flaws in operating systems and web browsers. This rollout is part of Anthropic’s Project Glasswing, which also involves Amazon and Apple, aiming to strengthen cybersecurity across major tech companies.
Wallet and payment companies face increasing security challenges in the crypto market, emphasizing the need for proactive PR and crisis communication strategies. Building trust is crucial as users remain unforgiving of breaches. While specific companies or amounts are not mentioned, the article highlights the importance of transparent communication to maintain user confidence amid rising security concerns in 2026.
