Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The ink was barely dry on our coverage of the AntV Shai Hulud supply chain attack when a new compromise surfaced in the Python ecosystem. The target this time is durabletask, an open source Python package associated with Microsoft, used for building durable, fault-tolerant workflow orchestration on top of the Durable Task Framework. The latest safe version of durabletask is 1.4.0, and three known versions have been yanked from the PyPI registry.

The way software gets built has fundamentally shifted. AI coding agents are no longer just autocomplete on steroids; they’re resolving packages, configuring environments, selecting tools, and in some cases running the entire development lifecycle, with or without a human in the loop.

If you look at the cybersecurity setups of massive companies like Rockstar Games, Medtronic, or Amtrak, they look like digital fortresses. They spend millions on top-tier firewalls, hire elite security teams, and lock down their perimeters. Yet, all of them have made headlines for major data breaches. Recent Data Breaches How does this happen if their security is so good? The answer is simple: Attackers didn’t kick down the front door.

On May 11, 2026, Mend Defender flagged more than 120 malicious packages newly published to RubyGems — the standard package manager for the Ruby ecosystem. Within 24 hours, that initial cluster expanded into something far larger: tens of thousands of packages pushed by thousands of attacker-controlled accounts, forcing RubyGems to suspend new account registration entirely while the cleanup got underway.

No man is an island, entire of itself; Every man is a piece of the continent, a part of the main.– John Donne Let’s face it, we have a gap in our cyber posture. Thirty percent of breaches originate from third parties, yet as organizations become increasingly exposed to supply chain attacks, they often lack the visibility, context, and workflows to detect and respond to them. Why?

The Mini Shai-Hulud supply chain attack compromised more than 170 packages across npm and PyPI, including packages from TanStack, Mistral AI, and Guardrails AI, by hijacking legitimate CI/CD publishing workflows to distribute malicious versions that still carried apparently valid provenance signals.

Sophos Endpoint in action: Blocking a novel supply chain attack How the unique anti-exploitation capabilities included with Sophos Endpoint blocked a supply chain attack. Sophos Endpoint is architected from the ground up to automatically block exploits, ransomware, and attacker techniques by default with zero manual tuning.

On May 11, 2026, between 19:20 and 19:26 UTC, 84 malicious npm package artifacts were published across 42 packages in the @tanstack namespace. The packages were not published by an attacker who stole credentials; they were published by TanStack's legitimate release pipeline, using its trusted OIDC identity, after attacker-controlled code hijacked the runner mid-workflow. The malicious versions spread to Mistral AI, UiPath, and dozens of other maintainers within hours.

Mend’s security research team has identified a previously undocumented fifth wave of the PhantomRaven campaign, an ongoing NPM supply chain attack that has been stealing developer credentials and secrets since August 2025. This new wave uses a fresh command-and-control server, 33 new malicious packages, and a more sophisticated three-stage payload chain.

We’ve established the new forensic reality: a massive 72.9% inventory gap exists between the vendors you monitor and those invisible to your security. We have seen the shortcomings of SSO and its inability to holistically monitor all the vendor applications your users engage with, along with a Shadow AI explosion that is compounding both issues. The era of procurement-only discovery is over. To secure the modern cyber workforce, we must pivot from "buying-based" to usage-based discovery.