PostHog experienced a significant security breach caused by the Shai-Hulud 2.0 npm worm, which compromised thousands of developer secrets and spread malicious packages. The incident highlights vulnerabilities in CI/CD workflows and dependency management. #ShaiHulud #npmworm
Keypoints
- The Shai-Hulud 2.0 npm worm was the largest security incident faced by PostHog.
- The worm exploited package installation scripts to exfiltrate secrets and spread further.
- Over 25,000 developers' credentials and cloud secrets were compromised within three days.
- A malicious pull request enabled attackers to gain full control of CI/CD workflows and steal high-value tokens.
- PostHog is implementing strict security measures, including a trusted publisher model and disabling install scripts.
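
One way to check a project against the install-script risk and the "disabling install scripts" measure listed above, as an added example that is not PostHog's code: it lists the dependencies that a `package-lock.json` (lockfileVersion 2 or 3) marks with `hasInstallScript` and checks whether an `.npmrc` sets `ignore-scripts`. The sample lockfile, the package names and the `.npmrc` contents are constructed for illustration.

```javascript
// Constructed sample in package-lock.json v3 shape (package names are made up).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-pad-demo": { version: "1.3.0" },
    "node_modules/native-addon-demo": { version: "2.1.4", hasInstallScript: true },
    "node_modules/a/node_modules/nested-demo": { version: "0.9.0", hasInstallScript: true, dev: true },
  },
};
// Constructed .npmrc contents.
const sampleNpmrc = "# project config\nregistry=https://registry.npmjs.org/\nignore-scripts = true\n";

// Return every locked dependency that npm recorded as having install-time
// lifecycle scripts (preinstall / install / postinstall).
function findInstallScriptPackages(lock) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    throw new Error("expected lockfileVersion 2 or 3 with a 'packages' map");
  }
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "" || !meta.hasInstallScript) continue; // "" is the root project
    const idx = path.lastIndexOf(marker);
    // Workspace entries have no node_modules/ prefix; keep their path as the name.
    const name = idx === -1 ? path : path.slice(idx + marker.length);
    hits.push({ name, version: meta.version, path, dev: Boolean(meta.dev) });
  }
  return hits.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// True when the given .npmrc text leaves ignore-scripts set to true
// (the last assignment in the file wins).
function ignoreScriptsEnabled(npmrcText) {
  let enabled = false;
  for (const raw of npmrcText.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#") || line.startsWith(";")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim().replace(/^["']|["']$/g, "");
    if (key === "ignore-scripts") enabled = value === "true";
  }
  return enabled;
}

for (const p of findInstallScriptPackages(sampleLock)) {
  console.log(`${p.name}@${p.version} runs install scripts${p.dev ? " (dev)" : ""}`);
}
console.log("ignore-scripts set:", ignoreScriptsEnabled(sampleNpmrc));
```

Each package reported here is one whose scripts would run during `npm install` unless `ignore-scripts` is in effect, so the list is the review queue for deciding which dependencies actually need them.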
Read More: https://www.theregister.com/2025/11/28/posthog_shaihulud