Home / Jul 14, 2026 / Story
0
#7 BleepingComputer general July 13, 2026 at 19:44 UTC

Hackers backdoor Jscrambler npm package with infostealer malware

By Bill Toulas

AI Summary

A threat actor published a malicious version of Jscrambler's npm package embedded with infostealer malware, which was downloaded approximately 1,500 times before detection — representing another supply chain compromise of a widely-used client-side web security tool. Developers and security teams using Jscrambler's npm package should audit their dependencies and check for indicators of compromise immediately.

Relevance score: 79.0/100

# More from July 14