This post will drill deeper into two recent supply chain exploits, targeting users of popular PyPI packages - litellm & telnyx.
We also provide Python developers and maintainers with guidance on what they can do to prepare
and protect themselves from future incidents.
Unfortunately the string of phishing attacks using domain-confusion
and legitimate-looking emails continues. This is the same attack PyPI saw a few months ago
and targeting many other open source repositories
but with a different domain name. Judging from this, we believe this type of campaign will continue
with new domains in the future.
The Python Package Index is introducing new restrictions to protect
Python package installers and inspectors from confusion attacks arising
from ZIP parser implementations. This has been done in response to
the discovery that the popular installer uv has a different extraction behavior
to many Python-based installers that use the ZIP parser implementation
provided by the zipfile standard library module.
Last week, the Python project “ultralytics” suffered a supply-chain attack through a compromise of the projects’ GitHub Actions workflows and subsequently its PyPI API token. No security flaw in PyPI was used to execute this attack. Versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 were affected and have been removed from PyPI.