THREATOPS
THREAT OPSThreat News › The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised

The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised

infosnykPublished 2026-05-19

A day after the AntV npm supply chain attack, the same campaign appears to have struck `durabletask`, a Microsoft-associated Python package on PyPI. Snyk has coverage in the vulnerability database and package health pages. Here's what we know.

Original source: https://snyk.io/blog/durabletask-pypi-supply-chain-attack/