ByteBrief
We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.
(We tried widescreen once. It wasn't us.)
A threat actor published malicious versions of the Jscrambler npm package (releases 8.14, 8.16, 8.17, and 8.20) that installed a Rust infostealer via a preinstall hook. The package was downloaded 1,479 times in two hours before being deprecated. The malware targeted cloud credentials, cryptocurrency wallets, browser data, and AI coding tool configs.
Tap to vote and see what everyone thinks.
Summary by ByteBrief