PyPI Warns of Phishing Attack Using Fake Emails
PyPI, the Python Package Index, has issued a warning about a phishing attack exploiting users' trust in the platform. The attack involves fake emails from noreply@pypj[.]org, attempting to trick users into logging into forged PyPI pages.
The phishing emails use a lookalike domain, pypj[.]org, which swaps in a lowercase "j" and is not the official PyPI domain, to deceive users. Those who may have entered their credentials on the fake site are urged to change their PyPI password immediately. Impacted users should delete the phishing email and avoid clicking any links or sharing information.
PyPI is currently awaiting responses from CDN providers and name registrars regarding trademark and abuse notifications. The emails aim to redirect users to spoofed PyPI sites, which are designed to steal credentials by redirecting logins. PyPI recommends reviewing the account's Security History for any suspicious activity.
PyPI has not been hacked, but users are urged to check URLs and be cautious of phishing attempts. The organization is warning users about the ongoing attack using fake '[PyPI] Email verification' messages from noreply@pypj[.]org.
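The URL check recommended above can be automated. The following is an added example, not code from PyPI or from the original article: it flags sender and link domains that sit within a small edit distance of the official pypi.org domain. The distance threshold, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL = "pypi.org"                          # official PyPI domain
PHISH = "pypj[.]org".replace("[.]", ".")       # sender domain named in the article
MAX_DISTANCE = 2                               # assumed threshold for "lookalike"

# Constructed sample message; the URL paths are made up for the demo.
SAMPLE = f"""From: PyPI <noreply@{PHISH}>
Subject: [PyPI] Email verification

Verify your address: https://{PHISH}/verify
Help: https://{OFFICIAL}/help/
"""

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return 'official', 'lookalike' or 'other' for a host name."""
    host = host.lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    tail = ".".join(host.split(".")[-2:])      # last two labels of the host
    return "lookalike" if edit_distance(tail, OFFICIAL) <= MAX_DISTANCE else "other"

def check_message(raw):
    """Classify the From domain and every link host found in a raw email."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    hosts = {sender.rpartition("@")[2]} if "@" in sender else set()
    for part in msg.walk():
        payload = part.get_payload()
        if isinstance(payload, str):           # skip multipart containers
            hosts.update(re.findall(r"https?://([^/\s:]+)", payload))
    return {h: classify(h) for h in hosts}

if __name__ == "__main__":
    for host, verdict in sorted(check_message(SAMPLE).items()):
        print(f"{host}: {verdict}")
```

The check compares only the last two labels of each host, so it catches single-character swaps such as the one in this campaign but not a host that merely embeds the official name as a subdomain of an unrelated domain.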