An update to this concluded incident can be found at: https://blog.pypi.org/posts/2025-07-31-incident-report-phishing-attack/
TL,DR: • PyPI was not breached • PyPI users were targeted with phishing emails • A single project saw uploads with malicious code and those releases have been removed _______________________________________________ pypi-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/pypi-announce.python.org Member address: [email protected]
