Executive Summary
On May 19, 2026, the official Microsoft Python SDK durabletask (widely used for building stateful orchestrations in serverless and distributed environments) was compromised in a severe software supply chain attack StepSecurity Incident Registry opens in a new tab. Attackers hijacked the PyPI publishing credentials (likely via a leaked API token or account takeover) and bypassed Microsoft's source repository and build pipeline entirely Snyk Security Blog opens in a new tab. They directly uploaded three compromised versions to PyPI: 1.4.1, 1.4.2, and 1.4.3 StepSecurity Incident Registry opens in a new tab. The malicious packages contained a dropper payload designed to download and execute rope.pyz—a highly sophisticated, multi-stage credential harvesting and exfiltration framework attributed to the cybercrime group TeamPCP JFrog Security Research opens in a new tab. The payload scraped developer workspaces, CI/CD runners, and active environment memories to steal AWS, Google Cloud, Azure, and Kubernetes secrets, exfiltrating them to TeamPCP-controlled C2 servers. CISA and Microsoft security teams intervened to yank the compromised releases and revoke the compromised token. Purge affected caches, then use the lockfile, process, and downstream audit recipes below to determine whether rope.pyz executed and which identities were reachable.