@asyncapi/multi-parser
MAL-2025-190661
npmmalware11/24/2025
Description
Malicious code in @asyncapi/multi-parser (npm)
Indicators of Compromise
SHA256 Hashes (4)
1bb5e990919cec43b91093e354ec31175f405dc1b2be344636e93137b5e4c297
8fca41600409d9446c4771677d000e0c23cb7f5a5d876cff66c762472d477bae
ae28d5a7633b326134b02c30980d93357f9b58e3143b0e83751e6369441a3034
b89b6d1bed8d33da0e2dd68217cdf7cb6b131b2e5d65bb4cce8b7af1389b6796
References (4)
https://github.com/advisories/GHSA-63gg-qx3x-ph2jOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-63gg-qx3x-ph2j
Quick Actions