OpenAI confirms security breach in TanStack supply chain attack
…Claude Code hooks and VS Code auto-run tasks, enabling it to survive package removal. The malware spread to other projects by using stolen GitHub and npm credentials to compromise maintainer accounts…