"PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted"

The maintainers of the Python Package Index (PyPI), the official third-party software repository for the Python programming language, have disabled, until further notice, the ability for users to register and upload new packages. The volume of malicious users and malicious projects created on the index in the past week has exceeded their ability to respond in a timely manner, especially when multiple PyPI administrators are on leave. No additional information was disclosed regarding the nature of the malware or the threat actors responsible for publishing the malicious packages to PyPI. Software registries such as PyPI have repeatedly proved to be a popular target for attackers seeking to infect the software supply chain and compromise developer environments. For example, researchers at Phylum recently discovered an active malware campaign that uses OpenAI ChatGPT-themed lures to trick developers into downloading a malicious Python module capable of capturing clipboard content and hijacking cryptocurrency transactions. This article continues to discuss the PyPI maintainers' decision to freeze new user and project registrations.

THN reports "PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted"

Submitted by Anonymous on