Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

Article summary
Quick briefing — cleaned from the original RSS feed
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux. Socket flagged the release six minutes after it was published. If you or one of your
1Key Takeaways
- The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine.
- Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux.
- Socket flagged the release six minutes after it was published.
2AIWedia Score
8.6/10
High relevance — worth your attention today
Based on source trust, recency, category impact, and story depth.
3Why it matters
Security headlines highlight new attack surfaces as AI gets embedded in more systems. The Hacker News reports that the jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine.
Explore related
Browse toolsRelated tools
Cybersecurity news
Explore curated cybersecurity tools on AIWedia — compare, rank, and launch from our directory.
Full story on The Hacker News
Read full articleHeadlines aggregated via RSS for discovery on AIWedia. Original content © The Hacker News. We link to the source and do not republish full articles.
