🚨 There is a new ongoing phishing campaign against PyPI users. This campaign uses the same tactics as the previous campaign targeting PyPI users, but with a new domain.
Read more about what steps we're taking to protect PyPI users from future campaigns:
https://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/
Python Package Index
npub1g5…68fy6
2025-09-23 16:25:05 UTC
Author Public Key
npub1g52zm7t45x9srp48swy44hc03k2qzkckd63vyqfl0jvnvkzz8n0ql68fy6Seen on
wss://relay.momostr.pinkPublished at
2025-09-23 16:25:05 UTCEvent JSON
{
"id": "fb2cd85a9821cc98a93acf9e697065aa189351d29164cdb87f5d791d6c23f2d7",
"pubkey": "45142df975a18b0186a783895adf0f8d94015b166ea2c2013f7c993658423cde",
"created_at": 1758644705,
"kind": 1,
"tags": [
[
"proxy",
"https://fosstodon.org/@pypi/115254539442576645",
"web"
],
[
"proxy",
"https://fosstodon.org/users/pypi/statuses/115254539442576645",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://fosstodon.org/users/pypi/statuses/115254539442576645",
"pink.momostr"
],
[
"-"
]
],
"content": "🚨 There is a new ongoing phishing campaign against PyPI users. This campaign uses the same tactics as the previous campaign targeting PyPI users, but with a new domain.\n\nRead more about what steps we're taking to protect PyPI users from future campaigns:\nhttps://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/",
"sig": "f1ce247a61168b1490ba0de7de482905dcf220d197eeab055be58cf1ffa00f3df8f01c6f8672d57a47764fb6e965b75c7fa64c2cb54784b25228deb28ed42e3e"
}