image-to-uri
MAL-2025-190968
npmmalware11/24/2025
Description
Malicious code in image-to-uri (npm)
Indicators of Compromise
SHA256 Hashes (3)
6d3880cd56fca46045266b2fa25b00db141ca4d96a3e52047e6a414a20f349f5
fa7b50ee7112a1f75ce3c55597ff598a36e98882fce34223c7d5bde782c8a27a
3ee581a3961bed44717c5a275fe342f8e38cc62366fa747c4d561882be93f594
References (4)
https://github.com/advisories/GHSA-g4f7-4w33-8wv7OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-g4f7-4w33-8wv7
Quick Actions