@browserbasehq/stagehand
MAL-2025-191198
npmmalware11/25/2025
Description
Malicious code in @browserbasehq/stagehand (npm)
Indicators of Compromise
SHA256 Hashes (3)
18a4a53eddc33c2b49c9dd6b6c736bcaf6784ad6370e235aaf1fcb1a91ffa162
399bf53eafd72c4e503b750888756dfb1bd9c9e16872c9ba463458b2e76a9487
0147cee6c903a9fd8dabfedd42c60df91437e6a7a750bebff3c26ce687d4443a
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-mmp7-557c-74pqOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-mmp7-557c-74pq
Quick Actions