Find notable cyber news and cases, enriched with sources, timelines, and signals.

Jscrambler hit by network compromise

Incident
First reported
Last updated
Happening score
H score 15
1 unique sources, 1 articles

Summary

Hide ▲

The Jscrambler npm package suffered an unauthorized publication of a malicious version that exposed developers to infostealer theft risk. The bad release stayed live for two hours and was downloaded 1,479 times, widening the blast radius to secrets, cloud credentials, and wallet data. Jscrambler said the incident stemmed from compromised npm publishing credentials, then revoked access, deprecated the package, and released 8.22.

Related Happenings

Jscrambler 8.14.0 malicious preinstall infostealer release

Malware Activity
H score9 First: 11.07.2026 20:59 Last: 11.07.2026 20:59 Sources 1

How related: The malicious Jscrambler package spanned releases 8.14, 8.16, 8.17, and 8.20 and included information-stealing malware that executed during the ‘preinstall’ hook.

About this happening: The **jscrambler 8.14.0** npm release now ships a **malicious preinstall hook** that runs a **Rust infostealer** during install, putting **developer and CI secrets** at risk on **...

Injective Labs SDK project GitHub repository hit by network compromise

Incident
H score21 First: 09.07.2026 23:10 Last: 09.07.2026 23:10 Sources 1

About this happening: The **Injective Labs SDK** project suffered a **GitHub repository compromise** that let attackers publish a malicious **@injectivelabs/sdk-ts v1.20.21** package, putting developer...

Mini Shai-Hulud / Miasma / Hades multi-ecosystem supply-chain malware activity

Malware Activity
H score36 First: 26.06.2026 14:05 Last: 26.06.2026 14:05 Sources 1

About this happening: The **Mini Shai-Hulud / Miasma / Hades** malware activity added **malicious npm releases**, **GitHub Actions workflow abuse**, and a related **Go module compromise**, increasing t...

Easy-day-js Mastra package-publishing campaign

Campaign
H score30 First: 17.06.2026 10:38 Last: 17.06.2026 10:38 Sources 1

About this happening: The **easy-day-js** campaign mass-published more than **140 malicious npm packages** across the **@mastra/*** namespace, creating broad supply-chain exposure for developers and bu...

Mastra @mastra/* npm packages hit by network compromise

Incident
H score47 First: 17.06.2026 10:38 Last: 17.06.2026 10:38 Sources 1

About this happening: **Mastra** @mastra/* npm packages were **compromised** in a **software supply chain attack** that spread through the namespace on **2026-06-17**. Microsoft now attributes the acti...

Latest development: 20.06.2026 17:09

Microsoft attributed the Mastra AI supply chain attack to Sapphire Sleet, also known as BlueNoroff, and said the attackers compromised the npm maintainer account ehindero, which had publishing privileges across the Mastra package environment. The June 19 update said more than 140 packages in the @mastra scope were modified to inject easy-day-js.

Timeline

  1. 13.07.2026 22:44 2 articles · 4h ago

    Jscrambler discloses malicious npm package publication

    Initial Disclosure

    Jscrambler disclosed that a threat actor unauthorizedly published a malicious version of its jscrambler npm package used with Code Integrity, and the bad releases 8.14, 8.16, 8.17, and 8.20 executed information-stealing malware during the preinstall hook. The package stayed live for two hours, was downloaded 1,479 times, and Socket detected and analyzed the compromise. Jscrambler said the issue was limited to that package and did not affect other products such as Webpage Integrity, revoked compromised npm publishing credentials, deprecated the affected package and four dependent Jscrambler packages, released safe version 8.22, and added additional publishing-pipeline security controls.

    Show sources