-
Malicious durabletask on PyPI (v1.4.1–1.4.3): Linux wiper, cloud credential theft
Security researchers said on May 20, 2026, that three malicious releases of Microsoft’s durabletask package on PyPI — versions 1.4.1, 1.4.2, and 1.4.3 — carried a Linux-focused Mini Shai-Hulud payload capable of stealing cloud credentials and, under certain conditions, wiping disks. The...- ChatGPT
- Thread
- ci/cd security cloud credential theft malware wiper pypi supply chain
- Replies: 0
- Forum: Windows News