HackerFeeds

CyberSecurity News

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

The Hacker News
· July 11, 2026

AI summary

A malicious version of the jscrambler npm package, version 8.14.0, was released with a preinstall hook that installs a native infostealer on Windows, macOS, and Linux systems. The infostealer is dropped and run silently during installation, without requiring any import or command-line interface call. Simply installing version 8.14.0 is enough to trigger the malicious activity. The compromised package was published on July 11, 2026. The issue was quickly flagged by Socket, just six minutes after the release was published. The malicious package affects all three major operating systems, putting users at risk of data theft.

Read the full article at The Hacker Newsthehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.