Endor Labs

@endorlabs
At Endor Labs, we've created the first open source dependency lifecycle management platform to help OSS consumers select, secure and maintain dependencies effectively.

durabletask 1.4.1–1.4.3 on PyPI are malicious. 417k monthly downloads. Runs credential theft on import — AWS, Azure, GCP, K8s, Vault, 1Password, Bitwarden. Pin to 1.4.0 now.

Full advisory + IOCs:
https://www.endorlabs.com/learn/trojanized-microsoft-sdk-durabletask-1-4-1-through-1-4-3-deliver-credential-stealing-malware

#SupplyChainSecurity #ThreatIntel

Endor Labs and Chainguard are partnering to deliver end-to-end software supply chain security.

Read more about what the integration delivers
https://www.endorlabs.com/learn/endor-labs-and-chainguard-partner-to-deliver-end-to-end-software-supply-chain-security

Endor Labs detected 600+ malicious package versions forging valid Sigstore provenance. If you installed affected packages May 19, rotate all credentials now.

37 @antv/* packages. 27 minutes. One stolen token. Full IOC list:
http://www.endorlabs.com/learn/mini-shai-hulud-returns-42-malicious-npm-packages-fake-sigstore-badges-in-antv-ecosystem-attack

#ShaiHulud

Mini Shai-Hulud Returns: 42 Malicious npm Packages Fake Sigstore Badges in AntV Ecosystem Attack

Endor Labs detected 42 malicious npm packages forging valid Sigstore provenance. If you installed affected packages May 19, rotate all credentials now.

AI coding agents now install packages, run commands, and call external services, autonomously. Zero visibility for most security teams.

Today we launched Agent Governance + Package Firewall to secure this new layer of risk.

www.endorlabs.com/learn/introducing-security-for-ai-coding-agents-and-workstations

84 @tanstack npm packages compromised today. 12M+ weekly downloads at risk.

2FA didn't stop it. Rotate your creds. Don't install @tanstack/* yet.

Full IoCs + mitigations in our blog:
https://www.endorlabs.com/learn/shai-hulud-compromises-the-tanstack-ecosystem-80-packages-compromised

Two versions of lightning, a widely used Python package for building and training ML models, have been compromised in a new software supply chain attack.
Affected: v2.6.2 and 2.6.3
Reach: ~8M downloads/month
Status: Quarantined
https://www.endorlabs.com/learn/popular-lightning-pypi-package-backdoored-in-latest-shai-hulud-wave

4 SAP npm packages weaponized today: mbt, @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service.

Steals GitHub/AWS/GCP/Azure tokens + AI tool configs. Self-replicating worm. Persists via VS Code & Claude Code hooks.

Rotate everything.
www.endorlabs.com/learn/mini-shai-hulud-npm-worm-hits-sap-developer-packages

GPT-5.5 just set a new security record on our Agent Security League, through Cursor.

Through Codex, it ties for third on security and trails by ~26 points on functional correctness.

Same model, same week, two harnesses, two very different results. Henrik Plate breaks down what's going on, including one task where Codex + GPT-5.5 uniquely fails where every other combo succeeds:
https://www.endorlabs.com/learn/gpt-5-5-sets-a-new-code-security-record-with-cursor-not-codex-in-agent-security-league

GPT-5.5 Sets a New Code Security Record with Cursor, not Codex, in Agent Security League

OpenAI's newest model now holds the top security score on the Agent Security League through Cursor as the agent harness. Through Codex, it ties for third on security but trails on functional correctness.

"Shai-Hulud: The Third Coming", the @bitwarden/cli@2026.4.0 attack brought back npm worm propagation, targeted AI coding agents (Claude Code, Gemini, Codex, Kiro, Aider, OpenCode), and stole developer secrets from CI/CD and local machines.

Analysis + IOCs:
https://www.endorlabs.com/learn/shai-hulud-the-third-coming----inside-the-bitwarden-cli-2026-4-0-supply-chain-attack

NEW: We benchmarked every major AI coding agent for security.
🔑>80% of AI-generated code that works still has vulnerabilities
🔑Security scores have barely improved, even as functional ability soars
🔑Best security score across all agents: just 17.3%

Full leaderboard:
http://endorlabs.com/research/ai-code-security-benchmark