TeamPCP Shai-Hulud: GitHub, OpenAI, Mistral Breached via Supply Chain Escalation

TeamPCP's Shai-Hulud campaign reached GitHub, OpenAI, Grafana Labs, and Mistral AI in a single week—via a trojanized VS Code extension, a poisoned Microsoft Python SDK, and 639 malicious npm packages.