@asyncapi/java-spring-cloud-stream-template
MAL-2025-190715
npmmalware11/24/2025
Description
Malicious code in @asyncapi/java-spring-cloud-stream-template (npm)
Indicators of Compromise
SHA256 Hashes (4)
8f14b8686a6c1629d596f3393eca873cec81f0de47fa7507e12d84a2b096172a
4b7ee33a69d9005442fb0347dfb87c303e2acd8cd146d8a85d0cecdc90f94bc3
f2d966194908fa8212d784a0edc9b47c219694bcf637839e4de4dd7ac01c2be2
95eeef02be28af9ecbb246fe813850f94decb59b223f8d3523344863b4a8fbb2
References (4)
https://github.com/advisories/GHSA-5m67-23v4-2wghOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-5m67-23v4-2wgh
Quick Actions