@jik It's tin foil hat territory, but this could have been an attack if you consider it a possibility that Crowdstrike's QA pipeline was compromised to allow this update through (or pass on a payload that is subtly different from the one that was verified).