The AI Workspace Hijack: Anatomy of the Jscrambler NPM Attack
Summary
Attackers hijacked Jscrambler's NPM credentials to release malicious versions that steal API keys and developer history from AI tools like Cursor and Claude Desktop using an undocumented Rust-based infostealer.
Similar Articles
@altryne: PSA: If you are un-aware of the latest supply-chain attacks, or aware but complacent and didn't do anything, especially…
A PSA about a series of supply-chain attacks targeting AI developer tools (Hermes, OpenClaw) via npm and PyPI, specifically the 'Mini-Shai Hulud' worm that self-replicates and steals credentials, API keys, and browser sessions. The post advises sandboxed execution and restricting package age to mitigate risks.
Microsoft's open source tools were hacked to steal passwords of AI developers
Microsoft's open source projects on GitHub were hacked to inject password-stealing malware targeting AI developers using tools like Claude Code and Gemini CLI. The company temporarily removed dozens of repositories and is investigating the breach.
Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised
The npm account 'atool' was compromised, leading to the publication of 637 malicious versions across 317 packages. The payload harvests credentials, establishes persistence via AI coding tools and system services, and exfiltrates data through GitHub.
Anatomy of a Failed (Nation-State?) Attack
A detailed post-mortem of a sophisticated fake-interview scam targeting a Rust developer, involving a fabricated VC persona and a custom RAT delivered via a TypeScript repository. The author evades infection thanks to caution and AI-assisted code review.
Your AI agent just got hijacked. You have no idea it happened.
This article warns about the Crescendo attack, a multi-turn prompt injection that evades single-message defenses by poisoning an AI agent's context over several turns. It introduces Bendex Arc, a tool that tracks behavioral trajectory across sessions to catch such attacks before they execute.