@kvytech/medusa-plugin-announcement

MAL-2025-190744

npmmalware11/24/2025
Description

Malicious code in @kvytech/medusa-plugin-announcement (npm)

Indicators of Compromise
SHA256 Hashes (4)
1f7c7aaddcf6972e795a38a7fba83c71af159b3b69576fa1822e85bc598e41ff
8fda18824e7544b009117ab962028a53a03245d741b85fa30789a9cda67f5b1b
a211bdbaa506109031b2d47d33a86568c7f210dd18fffb9bf2c3b75ccc480b26
baddf83634391fc236f08a831982d9f8d83ea6347c94253bbfafdcfad6246699
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-53mv-xhh4-47h8
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Setup in 5 minutesSOC 2 & ISO 27001