Phishing attacks with new domains likely to continue
Unfortunately the string of phishing attacks using domain-confusion| The Python Package Index Blog
Unfortunately the string of phishing attacks using domain-confusion| The Python Package Index Blog
Incident report of a recent attack campaign targeting GitHub Actions workflows to exfiltrate PyPI tokens, our response, and steps to protect your projects.| blog.pypi.org
We're releasing a security advisory for uv due to ZIP parsing differentials which allow an attacker to bypass common Python security scanners.| astral.sh
PyPI now serves project status markers in its standard| The Python Package Index Blog
PyPI will begin warning and will later reject wheels that contain differentiable ZIP features or incorrect RECORD files.| blog.pypi.org
Read the follow-up post: Phishing Attack Follow-Up| The Python Package Index Blog
A follow-up to the inbox.ru email domain prohibition.| blog.pypi.org
Follow-up on the recent phishing attack targeting PyPI users.| blog.pypi.org
We have prohibited new registrations of accounts using inbox.ru email domains.| blog.pypi.org
We responded to an incident related to privileges persisting via Organization Teams after Members are removed from Organizations.| blog.pypi.org
Index API| docs.pypi.org
Projects on PyPI can now be marked as archived.| blog.pypi.org
Handling project quarantine lifecycle status for suspected malware| blog.pypi.org
