PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle

16:22 - 28 Nov 2025

go.theregister.com

Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm

PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials....

https://go.theregister.com/feed/www.theregister.com/2025/11/28/posthog_shaihulud/

Article info:

Full Article URL: https://go.theregister.com/feed/www.theregister.com/2025/11/28/posthog_shaihulud/
Textarea URL (this page):
https://textarea.nl/i/eNplydEJgDAMBcCN-mxAEJcRsbEpKClNStZ3AO_3xL3bDlRNLjy4NnMe6dIXN3NBRPyCFlqRM2hDV3PRepicTeYzCz69zx0l_2025-11-28
Source: https://www.theregister.com/security/headlines.atom
theregister.com/security: https://www.theregister.com/security
Publication date: 2025-11-28 16:22:08
Last retrieval: 2025-11-29 10:45:20.544297