@posthog/siphash
MAL-2025-190753
npmmalware11/24/2025
Description
Malicious code in @posthog/siphash (npm)
Indicators of Compromise
SHA256 Hashes (4)
ed632d6b4db6b2f74973167d160350198cd9130da004e958f2f1d51d217e9c3c
06113daabd3bc99b8cdcc1c4641266cebd61a5f0f10df264b2f37c955a121c20
666ec9d6c23bcebd76586f85c752bf2ea7826bf680b456e697127095d2472b63
c7726f58122df84c6d4a10a60244ab59013394e552e73f2849a7473a1325d280
References (4)
https://github.com/advisories/GHSA-2jjg-c6pv-mwm3OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-2jjg-c6pv-mwm3
Quick Actions