The threat actor group TeamPCP, which operates the prolific Mini Shai-Hulud supply chain campaign, has successfully compromised Microsoft’s official Python client for the Durable Task workflow execution framework. Three malicious versions, durabletask v1.4.1, v1.4.2, and v1.4.3, were published to PyPI on May 19, 2026, within a 35-minute window and have since been quarantined following independent analysis. The package […]
The post Microsoft DurableTask Python Client Compromised by TeamPCP appeared first on Cyber Security News.