#7
BleepingComputer
general
July 13, 2026 at 19:44 UTC
Hackers backdoor Jscrambler npm package with infostealer malware
By Bill Toulas
AI Summary
A threat actor published a malicious version of Jscrambler's npm package embedded with infostealer malware, which was downloaded approximately 1,500 times before detection — representing another supply chain compromise of a widely-used client-side web security tool. Developers and security teams using Jscrambler's npm package should audit their dependencies and check for indicators of compromise immediately.
Relevance score: 79.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →