Home / Jul 15, 2026 / Story
0
#10 SecurityWeek general July 14, 2026 at 09:04 UTC

Multiple Jscrambler Packages Impacted by Supply Chain Attack

By Ionut Arghire

AI Summary

A supply chain attack compromised multiple Jscrambler NPM package versions, injecting a cross-platform credential stealer into a widely used JavaScript obfuscation tool. Jscrambler is deployed in enterprise web application build pipelines, meaning the poisoned packages could have harvested developer and CI/CD credentials at scale. Security teams using Jscrambler should audit their dependency versions and rotate any credentials exposed in affected build environments.

Relevance score: 77.0/100

# More from July 15