PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

The Python Package Index (PyPI) now checks for expired domains to prevent supply chain attacks related to domain resurrection. This update enhances account security, especially for accounts using custom email domains, by limiting attackers’ ability to hijack accounts through expired domains.

Key points

  • PyPI has implemented checks for expired domains to prevent supply chain attacks.
  • The new measure aims to thwart domain resurrection attacks that can lead to account hijacking.
  • Over 1,800 email addresses have been unverified due to domain expiration since June 2025.
  • Attackers can exploit expired domains to reset passwords and take over accounts.
  • PyPI advises users to enable 2FA and add secondary emails from reputable domains for enhanced security.

Read More: https://thehackernews.com/2025/08/pypi-blocks-1800-expired-domain-emails.html