PyPI

Another PyPI Package Was a Trojan Horse. This One Had a Wiper.

Microsoft's official Durable Task Python SDK was hijacked on PyPI with a credential stealer, a Linux file wiper, and worm logic that spreads using your own cloud keys. No CVE was assigned. Most scanners missed it.