zuper-stream
MAL-2025-190862
npmmalware11/24/2025
Description
Malicious code in zuper-stream (npm)
Indicators of Compromise
SHA256 Hashes (3)
123b2f89234617b4d3a0968f699b3cd51545e8d268e5fc793b393f71645c4784
74a0f9381a4c5030be93c471e6489c9de683e8c9e2ab2872d8db32583c4fc35e
bae97003ddbb4e58f122341cfba6d281dd7d4df0d2759d8ab4c6137c36b50fb2
References (4)
https://github.com/advisories/GHSA-f7w4-78r2-578gOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-f7w4-78r2-578g
Quick Actions