Jscrambler npm Breach Exposes Developers to Malware
Malware Harvested Cloud Credentials, Source Code and Deployment Tokens Attackers used a compromised npm publishing credential to release five malicious versions of Jscrambler's Code Integrity package, deploying a Rust-based infostealer that harvested developer, cloud and AI tool credentials while evolving its delivery methods to evade detection.