Tag
Attackers hijacked Jscrambler's NPM credentials to release malicious versions that steal API keys and developer history from AI tools like Cursor and Claude Desktop using an undocumented Rust-based infostealer.