tenacious-fetch
MAL-2025-191023
npmmalware11/24/2025
Description
Malicious code in tenacious-fetch (npm)
Indicators of Compromise
SHA256 Hashes (3)
0c44fc9d1c7099876e590cd69eb0d5ff3928dcc439cfe74cce255584a3455cf9
61051d9fdf4393e5d5b5336a35ce010a5bd613ab5e8c9b1f45c9c3a409f365c5
711a664c841c44504bae9b7dd5e4ecf3379725fc1ece1785821a7990e4de9e64
References (4)
https://github.com/advisories/GHSA-vh97-57mq-739vOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-vh97-57mq-739v
Quick Actions