@asyncapi/python-paho-template
MAL-2025-190720
npmmalware11/24/2025
Description
Malicious code in @asyncapi/python-paho-template (npm)
Indicators of Compromise
SHA256 Hashes (4)
8733bbb946cf955fa0a1e85ad52452e15b2e9cfd5328634e4dae994d8f1ae10e
9b7e91afb25619c373d083857f06f65945216536aa6308326de63dd33458f72c
9d8e92b8825fb6098c6a7a3034200280311e64a5974f194f1e750dcb1826d0e7
36c4e788927e6303864c6d846bd72901f8745312514c543945972e6ebdf1d9c6
References (4)
https://github.com/advisories/GHSA-pw9c-2xp8-8673OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-pw9c-2xp8-8673
Quick Actions