Japan’s largest taxi operator shuts systems after cyberattack

The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm package that has been downloaded almost 1,500 times.

The malicious Jscrambler package spanned releases 8.14, 8.16, 8.17, and 8.20 and included information-stealing malware that executed during the ‘preinstall’ hook.

“Today, we identified the unauthorized publication of a malicious version of our jscrambler npm package, which is used with our Code Integrity product,” Jscrambler says in a warning on Saturday.

“This incident was limited to that package and did not affect any other Jscrambler products, including Webpage Integrity,” the company said.

Although Jscrambler reacted quickly, the malicious package lasted for two hours before the developer deprecated it and released the safe version 8.22.

The affected package was a dependency for four other Jscrambler packages, which the vendor has also deprecated and replaced with new versions.

Jscrambler is a commercial platform for protecting web and mobile JavaScript applications from reverse engineering and tampering.

Its npm package has 17,000 weekly downloads and enables app developers to upload their JavaScript to Jscrambler’s service to protect the code from alteration. This helps defend against real-time modifications like injecting malicious code.

Application-security company Socket detected the compromise and analyzed the unauthorized Jscrambler release. The researchers say that the package included an infostealer that targeted multiple types of sensitive data:

Socket reports that the malware used strong per-string obfuscation via the ChaCha20-Poly1305 encryption algorithm, which made it difficult to reverse-engineer the code.

According to Jscrambler, the compromise was possible due to compromised npm publishing credentials, which the company has revoked.

Following the incident, additional security controls have been implemented for the publishing pipeline.

Developers who have used the malicious npm packages should treat their environments as compromised, rotate all secrets, and restore from safe backups.

Jscrambler recommends that customers make sure that they are using the latest version of the product.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Popular node-ipc npm package compromised to steal credentials

New Shai-Hulud malware wave compromises 600 npm packages

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

New IronWorm malware hits 36 packages in npm supply-chain attack

Injective SDK on npm infected with cryptocurrency wallet stealer

Claude Fable 5 stays free for paid users until July 19 as Anthropic buys more time

Australia warns of global campaign targeting vulnerable CMS platforms

‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets

How Mature Is Your AI Security Program? Take the Free AI Maturity Assessment.

#1 MSP Benchmark report 2026: Insights from 1,000+ MSPs on growth, security, artificial intelligence, and key 2026 trends.

Your Scanners Are Green. Your Pipeline Might Not Be. Here’s How to Close the Gap.

AI is a data-breach time bomb: Read the new report?utm_source=bleepingcomputer&utm_medium=referral&utm_campaign=bleepingcomputer_referral&utm_content=article

Overdue a password health-check? Audit your Active Directory for free

Terms of Use – Privacy Policy – Ethics Statement – Affiliate Disclosure

Read our posting guidelinese to learn what content is prohibited.