On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens, via HTTP POST requests to a remote endpoint. | GitGuardian Blog - Take Control of Your Secrets Security
PyPI now has a new, improved way to report malware. | blog.pypi.org
The official home of the Python Programming Language | Python.org
Publishing to PyPI with a Trusted Publisher | docs.pypi.org