
Security Vendor's npm Package Stole AI Coding Keys
Jscrambler's npm package was hijacked to steal Claude Desktop, Cursor, and VS Code credentials via Rust infostealer — days after npm 12 shipped.
July 14, 2026 · 15 min readEvery THE D[AI]LY BRIEF article on credential theft — enterprise AI analysis, benchmarks, vendor comparisons, and ROI frameworks for technology and business leaders. Updated as new coverage publishes.

Jscrambler's npm package was hijacked to steal Claude Desktop, Cursor, and VS Code credentials via Rust infostealer — days after npm 12 shipped.
July 14, 2026 · 15 min read