@postman/tunnel-agent

MAL-2025-190647

npmmalware11/24/2025
Description

Malicious code in @postman/tunnel-agent (npm)

Indicators of Compromise
SHA256 Hashes (4)
b22d1ad5660a0962f206d2473447e9f0581cbc5f2305727a90193249c3a624bf
6961dafcc910bb7a6b1db8cb597068eeb85f973dcd669392354a7b614928dbf5
e93d7934ec491b9f2b476608b71f5e2526d26ddb935bfb724ec73c12ab1225a2
9b313f361e3b72098292bf2cc5691d779dee811c84b580b0f405f016ba779b85
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-wrhq-7m36-c43f
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Setup in 5 minutesSOC 2 & ISO 27001