The Hacker News
"Compromised jscrambler 8.14.0 npm release drops Rust Infostealer during install." Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 12 July 2026, 1634 UTC. Content and Source: "The Hacker News." URL--https://thehackernews.com/ Please check URL or scroll down to read your selections. Thanks for joining us today. Russ Roberts (https://www.hawaiicybersecurityjournal.net). Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install Jul 11, 2026 Software Supply Chain / Malware The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux. Socket flagged the release six minutes after it was published . If you or one of your build systems pulled it in that window...