Attackers used stolen PyPI publishing credentials to push two poisoned releases of PyTorch Lightning (2.6.2 and 2.6.3) — the source repository was not compromised. The embedded payload exfiltrated GitHub tokens, SSH keys, and cloud credentials, then used the stolen tokens to inject malicious commits into up to 50 repository branches with commits falsely attributed to Anthropic's Claude Code. PyPI quarantined both versions within 42 minutes; v2.6.1 remains the last clean release. The campaign has been linked to "Mini Shai-Hulud," an extension of the TeamPCP operation that previously hit Trivy, Bitwarden CLI, LiteLLM, and Checkmarx tooling. Any project that installed 2.6.2 or 2.6.3 should treat all secrets accessible in that environment as compromised. Required actions: immediately remove both versions and downgrade to 2.6.1, rotate all GitHub tokens and SSH keys that were present in affected environments, revoke and reissue cloud credentials, and audit recent git history for suspicious commits that may have been injected using harvested tokens. The false attribution to Claude Code also underscores the risk of trusting commit authorship metadata without signature verification.