#10
SecurityWeek
general
July 14, 2026 at 09:04 UTC
Multiple Jscrambler Packages Impacted by Supply Chain Attack
By Ionut Arghire
AI Summary
A supply chain attack compromised multiple Jscrambler NPM package versions, injecting a cross-platform credential stealer into a widely used JavaScript obfuscation tool. Jscrambler is deployed in enterprise web application build pipelines, meaning the poisoned packages could have harvested developer and CI/CD credentials at scale. Security teams using Jscrambler should audit their dependency versions and rotate any credentials exposed in affected build environments.
Relevance score: 77.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →