An update to this concluded incident can be found at: 
https://blog.pypi.org/posts/2025-07-31-incident-report-phishing-attack/

TL,DR:
• PyPI was not breached
• PyPI users were targeted with phishing emails
• A single project saw uploads with malicious code and those releases have been 
removed
_______________________________________________
Security-announce mailing list -- security-annou...@python.org
To unsubscribe send an email to security-announce-le...@python.org
https://mail.python.org/mailman3//lists/security-announce.python.org
Member address: arch...@mail-archive.com

Reply via email to