Skip to main content
    Popular Developer Tool Compromised With Malicious Software. Users Need to Act
    Cybersecurity
    2 min read

    Popular Developer Tool Compromised With Malicious Software. Users Need to Act

    A software package used by website developers was hacked to secretly install data-stealing software on computers. This affects developers who installed version 8.14.0.

    Source

    The Hacker News

    Original headline: Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Saturday, July 11, 2026Updated Sunday, July 12, 20262 min read
    Share:

    A software package called jscrambler, which is used by website developers, was compromised by attackers. On July 11, 2026, hackers released a malicious version 8.14.0 that secretly installed data-stealing software on any computer that installed it. The malicious software worked on Windows, Mac, and Linux computers. A security company called Socket detected the problem just six minutes after it was published. This primarily affects people who build websites and software applications. If you or someone in your household is a developer who uses npm packages for web development, this is important. If you installed jscrambler version 8.14.0, the malicious software ran automatically during installation and may have stolen information from your computer. Most everyday internet users who don't develop software are not directly affected by this specific incident.

    If you are a developer who installed jscrambler 8.14.0, take immediate action. First, assume your computer has been compromised and disconnect it from the internet right away. Second, scan your entire system with updated antivirus software. Third, change all your important passwords from a different, clean device. This includes passwords for email, banking, work accounts, and any code repositories. Fourth, check your computer for any suspicious programs or processes running in the background and remove anything unfamiliar. Fifth, notify your workplace IT security team if you installed this on a work computer. For long-term protection, whether you're a developer or not, be cautious about what software you install on your computer. Only download programs from trusted sources and official websites. Keep your antivirus software running and updated. Pay attention to security alerts about the tools and programs you use regularly.

    Stay one step ahead of scammers

    Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.

    If you're a developer, use security tools that can scan packages before you install them, and stay informed about security advisories in the development community.

    Protect Yourself

    Stay one step ahead with our free family cybersecurity tools. Check links, scan for breached accounts, and get personalized risk assessments.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: The Hacker News

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.