Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again!
Source: Aikido.Dev
Published:
<p>We've identified three malicious versions of durabletask on PyPI, 1.4.1 , 1.4.2 , and 1.4.3 , that contain a dropper injected directly into the package's Python source files. When a developer installs any of these versions and imports the library, the dropper silently fetches and executes a secon