News

PyPI now blocks domain resurrection attacks used for hijacking accounts

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking ...
Business Insider13y

Goodnight Byte: Coding a Web-Based Password Cracker in Python

Our mission for this week's Community Byte was to create a Python program to crack web-based passwords, like the ones you would see on an email or router login. I wanted it to be universal in the ...
The Hacker News10d

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

PyPI unverified 1,800 emails since June 2025 to block expired-domain attacks, strengthening open-source supply chain security.

PyPI takes action against domain hijacking and checks email addresses

To make mail hijacking more difficult, PyPI has been checking domain validity since June. In case of doubt, an abandoned email address loses its verification.