Malicious Durabletask Pypi Supply Chain Attack
Source: safedep.io
Published:
<p>Three versions of the durabletask PyPI package (1.4.1, 1.4.2, 1.4.3), Microsoft’s Durable Task SDK for Python , were published on May 19, 2026 using a compromised PyPI API token. The GitHub repository was not breached: no corresponding tags or commits exist, and no publishing workflow ran that da