@louisle2/cortex-js
MAL-2025-190817
npmmalware11/24/2025
Description
Malicious code in @louisle2/cortex-js (npm)
Indicators of Compromise
SHA256 Hashes (4)
174ad745e5cf3348d3f49b8423ce849882002841a37af3fd4f27a749441336b9
c444e50876d5f75647d843c02c0b22a893e1129c31baca504e57985a07a2f5bb
9eaffc1a1b6b060c8a0670e7ce6ab022f2ed2fb5d109c8d5562f1c8da2b57d9e
9ffcd90455df34f4ee69297c6d6ebbaa1915b73d7b2ebcd810bd4097a11a69ab
References (4)
https://github.com/advisories/GHSA-jvhp-wxfw-v9j5OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-jvhp-wxfw-v9j5
Quick Actions