PostHog Admits Shai-Hulud 2.0 Was Its Biggest Security Scare
4 Articles
Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets
The software supply chain is under siege from “Shai Hulud v2,” a sophisticated malware campaign that has compromised 834 packages across the npm and Maven ecosystems. This new wave specifically targets GitHub Actions workflows, exploiting pull_request_target triggers to inject malicious code into widely used libraries. The attack has impacted major projects like PostHog, Zapier, and […]
What to Know About the Shai-Hulud Malware Attack?
This blog is a summary of our latest flash report covering this incident. On November 24, 2025, a sophisticated self-replicating malware worm known as Shai-Hulud launched its second wave of attacks against the NPM ecosystem, the central registry for JavaScript and TypeScript packages used by millions of developers worldwide. By compromising legitimate maintainer credentials and […]
Defending Against Sha1-Hulud: The Second Coming
Shai-Hulud Worm 2.0 is a major escalation of the NPM supply chain attack, now executing in the preinstall phase to harvest credentials across AWS, Azure, and GCP and establish persistence via GitHub Actions. The following SentinelOne Flash Report was sent to all SentinelOne customers and partners on Tuesday, November 25, 2025. It includes an in-depth analysis of the new variant’s tactics, our real-time detection posture, and the critical, immedi…
Coverage Details
Bias Distribution
- 100% of the sources are Center