Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux.

Published on July 11, 2026, it needs no import and no CLI call. Installing 8.14.0 is enough to run it.

Socket flagged the release six minutes after it was

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

The circuit that lets your brain think and see

The circuit that lets your brain think and see Source: Hacker News

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories It’s dumb out there again. This week has the usual smell of prod on fire

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them,