The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised
1mo agoen
Source
SnykThe AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromisedsnyk.ioA day after the AntV npm supply chain attack, the same campaign appears to have struck `durabletask`, a Microsoft-associated Python package on PyPI. Snyk has coverage in the vulnerability database and package health pages. Here's what we know.
You might also wanna read
Microsoft uncovers supply chain attack: Compromised @antv npm packages steal CI/CD credentials via Mini Shai-Hulud malware
Microsoft has identified an active supply chain attack targeting the @antv npm package ecosystem. A threat actor compromised an @antv mainta
microsoft.com·1mo ago
PyPI Supply Chain Attacks Expand: New Malicious Packages Target Bioinformatics and MCP Developers
Socket Threat Research team identified a new wave of PyPI supply chain attacks (Mini Shai-Hulud, Miasma, and Hades) that has expanded beyond
PyPI Package 'Lightning' Compromised in Supply Chain Attack Affecting AI/ML Developers
The PyPI package 'lightning', a widely-used deep learning framework, was compromised in a supply chain attack affecting versions 2.6.2 and 2
LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
Datadog·3mo ago
Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages
Microsoft identified an active supply chain attack (Mini Shai-Hulud campaign) targeting the npm package ecosystem. On May 28, 2026, a threat
microsoft.com·1mo ago
Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware
A sophisticated supply chain attack has compromised the popular @ctrl/tinycolor NPM package (with over 2 million weekly downloads) along wit

Comments
Sign in to join the conversation.
No comments yet. Be the first.