News
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.
The 12 packages have been discovered in two separate scans by a security engineer who goes online by the name of Bertus, and have long been removed from PyPI before this article's publication.
Even if these packages were used for legitimate security testing and the operators behind them never intended to exploit the stolen details, their presence on PyPI might have exposed "involuntary ...
Developers who published projects on PyPI with their email in package metadata are being targeted They are asked to "verify" their email address with a fake PyPI platform The "verification ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback