@posthog/rrweb-replay
MAL-2025-191299
npmmalware11/24/2025
Description
Malicious code in @posthog/rrweb-replay (npm)
Indicators of Compromise
SHA256 Hashes (3)
9bfe0f926171f329552068f9c5ad73f4a8b257541e9c600a9254d4c5ca132afc
2f432b89321b4c7227fb983e3254795437303872918c4285369d66e29c3d0913
084c272e547764a91347a8436855b707a75409f57fde2692078e9edf5d9b703b
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-422m-73j5-c7cpOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-422m-73j5-c7cp
Quick Actions