An update to this concluded incident can be found at: https://blog.pypi.org/posts/2025-07-31-incident-report-phishing-attack/
TL,DR: • PyPI was not breached • PyPI users were targeted with phishing emails • A single project saw uploads with malicious code and those releases have been removed _______________________________________________ Security-announce mailing list -- security-annou...@python.org To unsubscribe send an email to security-announce-le...@python.org https://mail.python.org/mailman3//lists/security-announce.python.org Member address: arch...@mail-archive.com