In the wake of a new phishing campaign, PyPl, the default source for Python’s package management tools, is asking its users to reset their credentials. The fake email asks users to “verify their email address” for “account maintenance and security procedures” with a note that their account may be suspended. If clicked on, the link goes to pypi-mirror.org which is a domain not owned by PyPI or the PSF/
More details are available here: https://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/
Jim Routh, Chief Trust Officer at Saviynt, commented:
“Threat actors are finding different ways to steal credentials for cloud accounts essential for enterprises to assemble and develop software for their respective customers. The tactics used enable threat actors identify many more target enterprises (customers) and monetize the compromise in several ways.
“Enterprises have an opportunity to more effectively manage the risk of this type of credential compromise through advanced authentication methods, cloud account access management methods and privileged user management using continuous validation techniques.”
This is a huge issue and it will only increase if action is not taken quickly. Enterprises should make that a today problem.
Like this:
Like Loading...
Related
This entry was posted on September 25, 2025 at 2:53 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
PyPI Warns of Phishing Attacks – Urges Users to Reset Credentials
In the wake of a new phishing campaign, PyPl, the default source for Python’s package management tools, is asking its users to reset their credentials. The fake email asks users to “verify their email address” for “account maintenance and security procedures” with a note that their account may be suspended. If clicked on, the link goes to pypi-mirror.org which is a domain not owned by PyPI or the PSF/
More details are available here: https://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/
Jim Routh, Chief Trust Officer at Saviynt, commented:
“Threat actors are finding different ways to steal credentials for cloud accounts essential for enterprises to assemble and develop software for their respective customers. The tactics used enable threat actors identify many more target enterprises (customers) and monetize the compromise in several ways.
“Enterprises have an opportunity to more effectively manage the risk of this type of credential compromise through advanced authentication methods, cloud account access management methods and privileged user management using continuous validation techniques.”
This is a huge issue and it will only increase if action is not taken quickly. Enterprises should make that a today problem.
Share this:
Like this:
Related
This entry was posted on September 25, 2025 at 2:53 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.