1 post
all tags → · blog index →
Technical deep-dive into the Mini Shai-Hulud worm: GitHub Actions cache poisoning, npm propagation, persistence in Claude Code and VS Code, credential theft, dead-man’s switch, and why AI “vibe coding” widens the attack surface.