@kvytech/medusa-plugin-management

MAL-2025-190745

npmmalware11/24/2025
Description

Malicious code in @kvytech/medusa-plugin-management (npm)

Indicators of Compromise
SHA256 Hashes (4)
0910748cbd21d909fd4d2d47a2b05d74b138b65dc5448f18befc0b21c7d648af
3db2ba6d2369e5b53d1dfd5a6c8642c90217140b644f1349b42ec9d3e58fdb04
66ace6bea11aa4a81f0e01af5e161d8e8f7706b588f49890fc383bf874522ed8
3de9b55d1856e0972cdd294171a1fd9c6902723104ed689dbda283355648d6da
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-9299-g7fr-hxx9
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Setup in 5 minutesSOC 2 & ISO 27001