{"id":219183,"date":"2025-08-01T04:19:12","date_gmt":"2025-08-01T09:19:12","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/08\/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site"},"modified":"2025-08-01T04:19:12","modified_gmt":"2025-08-01T09:19:12","slug":"hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/08\/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site","title":{"rendered":"Hackers target Python devs in phishing attacks using fake PyPI site"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/hackers-target-python-devs-in-phishing-attacks-using-fake-pypi-site2.jpg\"><\/a><\/p>\n<p>The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.<\/p>\n<p>PyPI is a repository for Python packages, accessible at pypi.org, that offers a centralized platform for developers to distribute and install third-party software libraries. It hosts hundreds of thousands of packages and is the default source for Python\u2019s package management tools.<\/p>\n<p>\u201cPyPI has not been hacked, but users are being targeted by a phishing attack that attempts to trick them into logging in to a fake PyPI site. Over the past few days, users who have published projects on PyPI with their email in package metadata may have received an email titled \u2018[PyPI] Email verification\u2019 from the email address <a href=\"mailto:noreply@pypj.org\">noreply@pypj.org<\/a>,\u201d the <a href=\"https:\/\/blog.pypi.org\/posts\/2025-07-28-pypi-phishing-attack\/\" target=\"_blank\" rel=\"nofollow noopener\">PyPI admin Mike Fiedler cautioned<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a repository for Python packages, accessible at pypi.org, that offers a centralized platform for developers to distribute and install third-party software libraries. It hosts hundreds [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-219183","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/219183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=219183"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/219183\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=219183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=219183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=219183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}