@kvytech/medusa-plugin-newsletter

MAL-2025-190816

npmmalware11/24/2025
Description

Malicious code in @kvytech/medusa-plugin-newsletter (npm)

Indicators of Compromise
SHA256 Hashes (4)
1bc31b9734f80c450446788c107c2e8eb2c0f19e699251d173636ce56087ee15
99033b798316d2e4a30d7900d30e42c8339263e325be24419a9856beb1623378
894c285e19676f4d4bb10f52d3e587db7bc8fa784d2e1616a4907d4a65cad5e8
f1441da6d7352cbbd2d14d8cfc7ead2d2e44ec2de2ad7e397efbc50d380418ab
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-6chp-f2vh-826p
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Setup in 5 minutesSOC 2 & ISO 27001