pdf-annotation
MAL-2025-190985
npmmalware11/24/2025
Description
Malicious code in pdf-annotation (npm)
Indicators of Compromise
SHA256 Hashes (3)
955e80d981658c3ea77d6ae52df04c36931e4d9403d1a44976b8222b2aa9c4f4
30a9825714dd4a01b7deb1226158bce68ad4456f16230aed225cb7240d7c4344
dc173614e3869823da8c9b270d3b0c4932b5abd5e24647bdb5bacd5fbe864978
References (4)
https://github.com/advisories/GHSA-5r9h-vrq7-h3vrOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-5r9h-vrq7-h3vr
Quick Actions