Bleeping Computer

PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
Dark Reading

Japan Blames North Korea for PyPI Supply Chain Cyberattack

Japanese cybersecurity officials warned that North Korea's infamous Lazarus Group hacking team recently waged a supply chain attack targeting the PyPI software repository for Python apps. Threat ...