Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
Malicious npm package jscrambler 8.14.0 executes infostealer via preinstall hook on Windows, macOS, Linux. Detected within 6 minutes by Socket.
Cybersecurity briefings
A minimal stream of relevant cybersecurity stories, selected for clarity and speed.
Malicious npm package jscrambler 8.14.0 executes infostealer via preinstall hook on Windows, macOS, Linux. Detected within 6 minutes by Socket.
Six U-Boot bootloader vulnerabilities discovered: four enable denial-of-service, two allow malicious code execution before kernel loads on routers, cameras, servers.
Wiz researchers found symlink attacks in six AI coding assistants (Claude Code, Cursor, Amazon Q, others) allowing booby-trapped projects to write to sensitive files bypassing approval.
CVE-2026-43499: 15-year-old Linux kernel flaw allows any logged-in user to gain root control; affects all mainstream distributions since 2011; no special permissions required.
CVE-2026-11405: Tenda router firmware embeds undocumented authentication backdoor enabling admin web access without password; affects multiple firmware versions.