@voiceflow/logger
MAL-2025-191354
npmmalware11/25/2025
Description
Malicious code in @voiceflow/logger (npm)
Indicators of Compromise
SHA256 Hashes (3)
2e875fb1d0c832d49e7be2f65359099f3a7fe3950b23a0e7ddb938ab32436d4c
a039f1f0afab9e65e6c7232f4403174b598dd92a26bafa76c1c4ca2370b643e6
8694ddb108f95b95b2ab31e65a4ff5ec96ff47c5acbbdbec749b7319fe58e3bc
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-c8h8-j498-cv9wOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-c8h8-j498-cv9w
Quick Actions