National Cyber Warfare Foundation (NCWF)

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install


0 user ratings
2026-07-11 18:52:38
milo
Attacks
Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux.

Published on July 11, 2026, it needs no import and no CLI call. Installing 8.14.0 is enough to run it.

Socket flagged the release six minutes after it was



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Attacks



Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.