Lucene search
K

6 matches found

OSV
OSV
added 2026/06/09 7:34 p.m.11 views

PYSEC-2026-207 durabletask 1.4.1, 1.4.2, and 1.4.3 contain malicious code distributed via a compromised maintainer account

durabletask versions 1.4.1, 1.4.2, and 1.4.3 were published on 2026-05-19 within a 35-minute window through a compromised PyPI maintainer account and contained malicious code. On import, the package fetched a remote payload rope.pyz from an attacker-controlled host and executed it. The payload wa...

5.8AI score
Exploits0References7
The Hacker News
The Hacker News
added 2026/06/06 6:58 a.m.43 views

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per...

6.2AI score
Exploits0
Wiz blog
Wiz blog
added 2026/05/19 5:30 p.m.10 views

durabletask: TeamPCP's Latest PyPi Compromise

Discover the latest on malicious versions of the pypi package durabletask, matching TeamPCP tactics...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 4:47 p.m.25 views

Malicious code in durabletask (PyPI)

1.4.1, 1.4.2, and 1.4.3 of durabletask were compromised via a PyPI maintainer account takeover. All three malicious versions were published on 2026-05-19 within a 35-minute window 16:19–16:54 UTC. Pin to =1.4.0. Attack chain - Stage 1 — Import-time dropper: on import, the package fetches a...

5.9AI score
Exploits0References6
OSV
OSV
added 2026/05/19 4:47 p.m.30 views

MAL-2026-4174 Malicious code in durabletask (PyPI)

1.4.1, 1.4.2, and 1.4.3 of durabletask were compromised via a PyPI maintainer account takeover. All three malicious versions were published on 2026-05-19 within a 35-minute window 16:19–16:54 UTC. Pin to =1.4.0. Attack chain - Stage 1 — Import-time dropper: on import, the package fetches a...

5.9AI score
Exploits0References6
Snyk
Snyk
added 2026/05/18 9:0 p.m.8 views

Embedded Malicious Code

Overview durabletask is an A Durable Task Client SDK for Python Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a malicious payload. A malicious actor linked to the @antv appears to have compromised the GitHub account associated with the package and dumpe...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder