@kvytech/medusa-plugin-promotion

MAL-2025-191240

npmmalware11/25/2025
Description

Malicious code in @kvytech/medusa-plugin-promotion (npm)

Indicators of Compromise
SHA256 Hashes (3)
e3dfd35e90978ccdc2cbd674655cf5e930e783690f73459a094afd30271810c0
37c514d87a301560b710f15f55c539def9da9c9219a26c828b1c10e9ef9166f6
f2a466e1f572169367ae23de09311bd07d68a2fb1a6b31c6e3347a8f7305f2e5
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-7wrg-wj98-r3m4
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Setup in 5 minutesSOC 2 & ISO 27001