Supply Chain Attacks Overflow: PyPI Suspended New Registrations
On May 20th, in an unprecedented move, PyPI (the Python Package Index, the official repository from which pip installs Python packages) announced that it was temporarily suspending new user and new project registration. This dramatic announcement follows a long line of incidents in which malicious packages were uploaded to PyPI and to other package registries. Having followed this topic closely for over a year, we at Legit have observed a huge increase in the number of attackers trying to exploit this attack surface.
As the PyPI team stated: “The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion.” The suspension was lifted on May 21st.