Jscrambler npm Package Compromised - Malicious Releases Deploy Cross-Platform Infostealer
RedSide Security July 13, 2026 Vulnerability 3 views
Attackers compromised the Jscrambler npm package and published multiple malicious versions containing a cross-platform Rust infostealer. The malware targets cloud credentials, GitHub tokens, AI coding tools, cryptocurrency wallets, and CI/CD environments, highlighting the growing risk of software supply chain attacks against developers.