@quick-start-soft/quick-markdown-image
MAL-2025-190823
npmmalware11/24/2025
Description
Malicious code in @quick-start-soft/quick-markdown-image (npm)
Indicators of Compromise
SHA256 Hashes (5)
726d3c0ab795e07bcdc655db4ba9db1276ec010f604cf4aff83026868d5b152a
ebaec604b88bfa99689645f0ecb3061111aa393606337785c71c2755493864f1
4edf6438b065416c909186c1621f7da5515f35695352f258cb93a28b03b35931
5128d1b68c0ccd8b7c226b9818cc453890052d81c6fba4a8133a4bcaa688877b
4b7a5d7a55fe786a245b6362798d3cf471ebca4fcdd9cb369f795ba82a7694c5
References (4)
https://github.com/advisories/GHSA-62qm-7xcr-w8mvOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-62qm-7xcr-w8mv
Quick Actions