Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

PyPI maintainers alert users to email verification phishing attack

PyPI warns of phishing emails from noreply@pypj[.]org posing as “[PyPI] Email verification” to redirect users to fake package sites. PyPI warns of an active phishing attack using fake “[PyPI] Email verification” messages from noreply@pypj[.]org, aiming to lure users to spoofed PyPI sites. PyPI, short for the Python Package Index, is the official repository for Python […]

PyPI PyTorch Lightning

PyPI warns of phishing emails from noreply@pypj[.]org posing as “[PyPI] Email verification” to redirect users to fake package sites.

PyPI warns of an active phishing attack using fake “[PyPI] Email verification” messages from noreply@pypj[.]org, aiming to lure users to spoofed PyPI sites.

PyPI, short for the Python Package Index, is the official repository for Python software packages. It’s where Python developers publish and share open-source Python libraries and tools, and where users can install those packages using the pip command (Python’s package installer).

The maintainers pointed out that PyPI has not been hacked.

“Over the past few days, users who have published projects on PyPI with their email in package metadata may have received an email titled:

[PyPI] Email verification

from the email address noreply@pypj.org.” reads the advisory published by PyPI Admin, Safety & Security Engineer (PSF) Mike Fiedler.

Note the lowercase j in the domain name, which is not the official PyPI domain, pypi.org.”

“This is not a security breach of PyPI itself, but rather a phishing attempt that exploits the trust users have in PyPI.” continues Fiedler.

A phishing email mimicking PyPI prompts users to verify their email via a fake site. The rogue sites are designed to steal credentials by redirecting logins. PyPI warns users with a homepage banner and urges checking URLs.

“We are also waiting for CDN providers and name registrars to respond to the trademark and abuse notifications we have sent them regarding the phishing site.” continues the alert.

Impacted users who received the phishing email should avoid clicking any links or sharing information and delete the message immediately.
Those who may have clicked the link and entered their credentials are advised to change their PyPI password right away and review their account’s Security History for any suspicious activity.

“If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately. Inspect your account’s Security History for anything unexpected.” concludes the alert.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, phishing)