8 points | by miketheman a day ago
1 comments
This is a follow-up to the recent reporting on a phishing attack on PyPI (cf. https://news.ycombinator.com/item?id=44701913 ; https://news.ycombinator.com/item?id=44711408 ; https://news.ycombinator.com/item?id=44738345). It turns out that the compromise of the `num2words` package (cf. https://news.ycombinator.com/item?id=44712736) was a direct result of the attack (as I vaguely suspected).
This is a follow-up to the recent reporting on a phishing attack on PyPI (cf. https://news.ycombinator.com/item?id=44701913 ; https://news.ycombinator.com/item?id=44711408 ; https://news.ycombinator.com/item?id=44738345). It turns out that the compromise of the `num2words` package (cf. https://news.ycombinator.com/item?id=44712736) was a direct result of the attack (as I vaguely suspected).