Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linu
Original Disclosure
https://thehackernews.com/2026/07/compromised-jscrambler-81…
Severity
medium
Sector
other
Disclosure date
July 11, 2026
Indexed
17 hours, 42 minutes ago