@asyncapi/java-template
MAL-2025-190717
npmmalware11/24/2025
Description
Malicious code in @asyncapi/java-template (npm)
Indicators of Compromise
SHA256 Hashes (4)
773a517eadeb619b811538b51c0053be9581531ee0422e715a4360a18f01553e
686b2e4c1fe342d1169679b52ef96ae90aebf27fe6b9d3c84f0f9d252779ae15
687677e4c5d309750374cc17ed3c8b51caa5f2daf1042b8394ea24c566a9b25e
679c7bc116e44eb4547b8a868256bfba782795e85203798411d7f054ab1cd8de
References (4)
https://github.com/advisories/GHSA-6vm8-wchg-2p9wOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-6vm8-wchg-2p9w
Quick Actions