inbox.ru Domain Prohibition Follow-up
A follow-up to the previous post. We have since learned that the campaign was orchestrated by the company that owns the inbox.ru email domain, and not by a malicious third party as we initially suspected. Following the previous post, a representative of the parent company for inbox.ru reached out to PyPI Admins to discuss
Prohibiting inbox.ru email domain registrations
A recent spam campaign against PyPI has prompted an administrative action, preventing use of the inbox.ru email domain. This includes new registrations as well as adding it as an additional address. The campaign created over 250 new user accounts, publishing over 1,500 new projects on PyPI, leading to end-user confusion, abuse of resources, and potential security issues.
Incident Report: Organizations Team privileges
On April 14, 2025 security@pypi.org was notified of a potential security concern relating to privileges granted to a PyPI User via Organization Teams membership persisting after the User was removed from the PyPI Organization the Team belongs to. We validated the report as a true finding, identified all cases where this scenario had
Introducing our new Terms of Service
We’re introducing a new Terms of Service to formalize our relationship to users and enable us to move forward with providing new features and services, specifically Organization Accounts. PyPI has had some form of Terms of Use document for users since it began accepting uploads in 2005 and has only been updated twice since. These terms have primarily served
PyPI Now Supports Project Archival
Support for marking projects as archived has landed on PyPI. Maintainers can now archive a project to let users know that the project is not expected to receive any more updates. This allows users to make better decisions about which packages they depend on, especially regarding supply-chain security, since archived projects clearly signal that
Project Quarantine
Earlier this year, I wrote briefly about new functionality added to PyPI, the ability to quarantine projects. This feature allows PyPI administrators to mark a project as potentially harmful, and prevent it from being easily installed by users to prevent further harm. In this post I’ll discuss the implementation, and further improvements to
Supply-chain attack analysis: Ultralytics
Last week, the Python project “ultralytics” suffered a supply-chain attack through a compromise of the project’s GitHub Actions workflows and subsequently its PyPI API token. No security flaw in PyPI was used to execute this attack. Versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 were affected and have been removed from PyPI.
Best Linux VPS Providers – Top 10 Ranked
Nowadays, people struggle to find the Best Linux VPS providers with affordable prices, an on-time and technical support team, no hidden fees, global locations, various payment methods, and a hassle-free experience. Criteria for Ranking Best Linux VPS Providers: Based on the customer reviews, I found that today, people are looking for decent and round-the-clock
How to Factory Reset SIP Phones
Learn how to factory reset SIP phones (all models). Scope: The following steps will allow you to factory reset the following SIP phones. Requirements: Some phones and firmware may require an admin password to reset. It is recommended to ask your service provider or phone vendor to provide these passwords prior to
How to Set Up a Virtual Machine Host With Ubuntu Server
Virtual machines (VMs) are computer systems-within-computers. Each VM runs its own operating system and simulated hardware, providing it with autonomy from its host machine and offering strong isolation for resource-intensive applications. Ubuntu Server is an emerging enterprise virtualization option that offers many benefits to businesses. In this article we’ll