Hello, There is a new ongoing phishing campaign against PyPI users occurring. This campaign uses the same tactics as the previous campaign, but with a new domain and there isn't any indication that this will be the last campaign. This alert details what PyPI maintainers are doing to protect PyPI users and what practices package maintainers can adopt to protect their own users.
As always, you can report suspicious activity on your account or package to [email protected] Read more: https://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/
_______________________________________________ Security-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/security-announce.python.org Member address: [email protected]
