@voiceflow/dtos-interact
MAL-2025-191343
npmmalware11/25/2025
Description
Malicious code in @voiceflow/dtos-interact (npm)
Indicators of Compromise
SHA256 Hashes (3)
1aa85bc4dffd241f64500e092a1e9df0714ad329a0a06bb4d74e4f56d4b4a957
0e97b35ee3ccd9b62f81a36d7321f14859490bf4f2d2c77b00f14115cb503cf6
da307584309abbc16bc106ef1077c1719a9496cf4d3fac9cd2843fd76e77f8d6
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-69fv-v5hx-vg3hOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-69fv-v5hx-vg3h
Quick Actions