Skip to content
The Nexus
SECURITYJul 11 · 17:59 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

The jscrambler 8.14.0 npm package included a malicious preinstall hook that deploys a Rust-based infostealer for Windows, macOS, and Linux during installation. The compromised version was published on July 11, 2026, and automatically executes the malware without requiring additional commands or imports. Security firm Socket detected and flagged the release six minutes after publication.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting