jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release, starting with 8.14.0 and later versions, delivered hidden native binaries that ran automatically during install or package execution to steal developer and cloud credentials. The payload targeted wallets, AI coding tools, cloud services, messaging apps, browsers, and system keyrings, while Socket detected the first malicious version within 6 minutes of publication. #jscrambler #Socket #ClaudeDesktop #Cursor #Windsurf #MetaMask #TrustWallet #CoinbaseWallet #Phantom
Copy and paste this URL into your WordPress site to embed
Copy and paste this code into your site to embed