@posthog/plugin-contrib

MAL-2025-190751

npmmalware11/24/2025
Description

Malicious code in @posthog/plugin-contrib (npm)

Indicators of Compromise
SHA256 Hashes (4)
e7be7c80e1b4ff3df4c7d2b1129e9b889b217c95c62bb2e4623165db643e488e
afcd017c0dad0f7c8771c40b6fbc9308cf19b77a704f62856696156fb3cf156b
1651ff1aae98d06c4276b3177a78fa4acb41c236199a920ae929935cfa557c76
613c0aad1ec62f4d0d7ff6a88c66428574f2bb1b9382b58e279982e9e802d4dd
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-g7v2-2xxc-c78j
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Setup in 5 minutesSOC 2 & ISO 27001