6 min read
ShakesbeeAI / Security / Supply Chain Shai-Hulud Came for Your Coding Agent
A worm hit PyTorch Lightning on PyPI and crawled into the one place nobody was checking: your AI coding tools. It rewrites .claude/settings.json so the malware launches every time you open Claude Code.