@browserbasehq/director-ai
MAL-2025-191194
npmmalware11/25/2025
Description
Malicious code in @browserbasehq/director-ai (npm)
Indicators of Compromise
SHA256 Hashes (4)
4fe7a263252bab57489923d73db9c5a94d4087e3457ef19a88248191b1739aa6
ffcd92d9e2aa1be6b16a0c54740596637a5c312162928601c1fe5700260ce8df
b86bd8a3bb8b027a0b305fca0e5616b1f8cfee1229e47609ef43a14edb2ad0c6
1984117d455ca44d2f527df3c3000881b70980b4b562cfd6eabe63ca65661756
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-h638-vgm6-2xm2OSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-h638-vgm6-2xm2
Quick Actions