PyPI invalidates tokens stolen in GhostAction supply chain attack
From BleepingComputer to All on Thu Sep 18 09:46:23 2025
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish malware. [...]