@accordproject/concerto-analysis
MAL-2025-191171
npmmalware11/25/2025
Description
Malicious code in @accordproject/concerto-analysis (npm)
Indicators of Compromise
SHA256 Hashes (3)
cac6d1df3edcd5e424e7c1c6f1f2121ec9f66858525a058324bbc96ee9841752
9d6b20a978ee216d20d3ce93508418877b5ca745da33888a0d3eeeb4ab76c1f7
bd4dfaf2dbfd72597ed98e94903934d34e97ddd5dc4f7aeb7f5450767cb3a34c
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-h27j-vm9v-5mpmOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-h27j-vm9v-5mpm
Quick Actions