kinvey-cli-wrapper
MAL-2025-191118
npmmalware11/24/2025
Description
Malicious code in kinvey-cli-wrapper (npm)
Indicators of Compromise
SHA256 Hashes (3)
f5c927261aeaaa786117251a78d49a1dcc30a004d08df680b8f3b9ebf73be05e
c40e7aa2a954e976195783119a43a9b038a570885caee4bf84233bf196f03cfd
0cd908bc42e771527ecff3b0ef336122eb8d484f23f0402f511ca30dcb7b37dc
References (4)
https://github.com/advisories/GHSA-2mch-f3qc-jjgmOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-2mch-f3qc-jjgm
Quick Actions