DEV Community

NetSecOpsIO
NetSecOpsIO

Posted on • Originally published at cyber.netsecops.io on

Jscrambler NPM Package Hijacked in Supply Chain Attack, Deploys Infostealer Targeting Cloud & AI Dev Secrets

A supply chain attack hit the popular jscrambler npm package, with malicious versions published to the registry using a compromised maintainer credential. These versions contained a Rust-based infostealer designed to steal developer credentials from cloud services (AWS, Azure, GCP), cryptocurrency...

Severity: Critical

Categories: Supply Chain Attack, Malware, Threat Intelligence

Read Full Article →

Top comments (0)