SecurityWeek

PyPI Warns Users of Fresh Phishing Campaign

PyPI, the default platform for Python's package management tools, is warning users of a fresh phishing campaign.

Python developers targeted with new password-stealing phishing attacks - here's how to stay safe

“If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately,” Larson warned. “Inspect your account's Security History for anything ...

Unofficial Postmark MCP npm silently stole users' emails

A npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users' email communication.