@asyncapi/java-spring-template
MAL-2025-190716
npmmalware11/24/2025
Description
Malicious code in @asyncapi/java-spring-template (npm)
Indicators of Compromise
SHA256 Hashes (4)
a8191bff82322933f626c94461a64d592755eb5e5df4e4262c76d4a3644667cb
5bb0637829fe4777b541f94a01279132c65a2d361e3d762ce0a08dd813e7fd5f
0e86f865b25e5658d47ae23ed2a22f2dd9f2b8375dcf6226e29f8d856b8c6df3
57c479ff5a2ca54bb0571ec8dc24e92baac1afd85cb454c6295b8a08ae71ee89
References (4)
https://github.com/advisories/GHSA-6w4j-664j-g45gOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-6w4j-664j-g45g
Quick Actions