PyPI has warned users about a phishing campaign that sends fake email-verification messages from a look-alike domain. The messages link to a site that imitates PyPI; credentials entered there are captured by the attackers and then relayed to the real PyPI site, so the login appears to succeed and the victim sees no error. The campaign's tactics resemble recent npm phishing attacks, amplifying concerns across developer platforms. #PyPI #Phishing #npm #Typosquatting
Keypoints
- The phishing emails carry the subject "[PyPI] Email verification" but originate from a look-alike domain, not from pypi.org.
- Victims are directed to clone sites that look like PyPI but are designed to steal credentials.
- Once credentials are entered, the fake site forwards them to the real PyPI site, so the login completes without an error and the victim has no reason to suspect anything.
- PyPI recommends verifying URLs manually and changing passwords if credentials were compromised.
- The campaign resembles recent npm attacks involving typosquatting and malware distribution.
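The "verify the URL" advice above is easy to state and easy to get wrong under a credential-relaying site, since the login succeeds and nothing looks broken. The following is an added example, not code from PyPI or from the advisory, of the check a practitioner would apply to a link before clicking it: it normalizes the hostname (lowercasing, punycode-encoding any Unicode labels), accepts only an exact allowlist of PyPI hosts over HTTPS, and otherwise names the reason the link is suspicious (punycode homoglyph, a one- or two-character typosquat of pypi.org, or "pypi" embedded in some other registrable domain). The allowlist and the sample URLs are assumptions constructed for this example; the campaign's actual domain is not reproduced here.

```python
from typing import Optional
from urllib.parse import urlsplit

# Hosts on which PyPI actually serves account/login pages.
# Assumption for this example; it is our allowlist, not one published by PyPI.
TRUSTED_PYPI_HOSTS = frozenset({"pypi.org", "test.pypi.org"})
REAL_DOMAIN = "pypi.org"


def normalize_host(url: str) -> str:
    """Lowercase ASCII hostname of a URL ('' if the URL has none).

    urlsplit().hostname already lowercases and drops userinfo/port; the IDNA
    step turns Unicode look-alike labels (e.g. Cyrillic letters) into xn-- form
    so they cannot compare equal to the Latin string 'pypi.org'.
    """
    host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(url: str) -> Optional[str]:
    """Return None for a trusted PyPI login link, else a short reason to distrust it."""
    scheme = urlsplit(url.strip()).scheme
    host = normalize_host(url)
    if not host:
        return "no usable hostname"
    if host in TRUSTED_PYPI_HOSTS:
        return None if scheme == "https" else "trusted host but not HTTPS"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return f"punycode hostname {host!r} (possible homoglyph of a Latin domain)"
    # Compare only the registrable part: 'pypi.org.evil.example' must not pass
    # because its leftmost labels happen to spell the real domain.
    registrable = ".".join(labels[-2:])
    if edit_distance(registrable, REAL_DOMAIN) <= 2:
        return f"typosquat of {REAL_DOMAIN}: {host!r}"
    if "pypi" in host:
        return f"'pypi' embedded in a non-PyPI domain: {host!r}"
    return f"unrecognized host {host!r}"


def is_trusted_pypi_link(url: str) -> bool:
    return lookalike_reason(url) is None


if __name__ == "__main__":
    # Constructed sample links, not addresses observed in the campaign.
    samples = [
        "https://pypi.org/account/login/",
        "https://pypj.org/account/login/",
        "https://pypi.org.verify-account.example/login",
        "https://xn--pyp-8cd.org/",
        "http://pypi.org/",
    ]
    for link in samples:
        print(f"{link:48} -> {lookalike_reason(link) or 'OK'}")
```

Run it on the href behind the button in a suspicious "[PyPI] Email verification" mail rather than on the visible link text; the two routinely differ in phishing mail. A link that passes this check is still only as trustworthy as the allowlist, so the check complements, and does not replace, reading the address bar before typing a password.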
Read More: https://thehackernews.com/2025/07/pypi-warns-of-ongoing-phishing-campaign.html