Home / Jul 12, 2026 / Story
0
#1 The Hacker News general July 11, 2026 at 17:59 UTC

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

By [email protected] (The Hacker News)

AI Summary

The jscrambler npm package version 8.14.0, published July 11, 2026, was found to contain a malicious preinstall hook that silently executes a Rust-based infostealer during installation across Windows, macOS, and Linux — requiring no import or CLI invocation. Socket detected the compromise just six minutes after publication. Supply chain attacks via trusted npm packages pose severe risk to CI/CD pipelines and developer environments.

Relevance score: 82.0/100

# More from July 12