@kvytech/medusa-plugin-announcement
MAL-2025-190744
npmmalware11/24/2025
Description
Malicious code in @kvytech/medusa-plugin-announcement (npm)
Indicators of Compromise
SHA256 Hashes (4)
1f7c7aaddcf6972e795a38a7fba83c71af159b3b69576fa1822e85bc598e41ff
8fda18824e7544b009117ab962028a53a03245d741b85fa30789a9cda67f5b1b
a211bdbaa506109031b2d47d33a86568c7f210dd18fffb9bf2c3b75ccc480b26
baddf83634391fc236f08a831982d9f8d83ea6347c94253bbfafdcfad6246699
References (4)
https://github.com/advisories/GHSA-53mv-xhh4-47h8OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-53mv-xhh4-47h8
Quick Actions