The Hacker News · 7/11/2026

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

Malicious npm package jscrambler 8.14.0 executes infostealer via preinstall hook on Windows, macOS, Linux. Detected within 6 minutes by Socket.

Read original coverage