Malware Blitz Prompts PyPI to Halt Registrations and Project Creation
March 28, 2024
PyPI halts new user registration and project creation due to a malware campaign.
Attackers uploaded over 365 malicious packages using automation and typosquatting.
The incident highlights a broader pattern of attacks against open source repositories.
There's a heightened focus on the need for stringent verification of software components.
PyPI introduces mandatory two-factor authentication for project maintainers to enhance security.
Ongoing threats persist against package repositories and software supply chains.
Summary based on 5 sources
Sources

Ars Technica • Mar 28, 2024
PyPI halted new users and projects while it fended off supply-chain attack
BleepingComputer • Mar 28, 2024
PyPI suspends new user registration to block malware campaign
SecurityWeek • Mar 28, 2024
Malware Upload Attack Hits PyPI Repository
Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News • Mar 28, 2024
PyPI Suspends New Projects and Users Due to Malicious Packages