blog.pypi.org - The Python Package Index Blog - PyPI users are receiving emails directing them to log in to a fake PyPI site.
PyPI has not been hacked, but users are being targeted by a phishing attack that attempts to trick them into logging in to a fake PyPI site.
Over the past few days, users who have published projects on PyPI with their email in package metadata may have received an email titled:
[PyPI] Email verification
from the email address noreply@pypj.org.
Note the lowercase j in the domain name, which is not the official PyPI domain, pypi.org.
This is not a security breach of PyPI itself, but rather a phishing attempt that exploits the trust users have in PyPI.
The email instructs users to follow a link to verify their email address, which leads to a phishing site that looks like PyPI but is not the official site.
The user is prompted to log in, and the phishing site relays the requests to the real PyPI, so the login appears to succeed and the user may believe they have logged in to PyPI; in reality, they have handed their credentials to the phishing site.
PyPI Admins are looking into a few methods of handling this attack, and want to make sure users are aware of the phishing attempt while we investigate different options.
There is currently a banner on the PyPI homepage to warn users about this phishing attempt.
Always inspect the URL in the browser before logging in.
We are also waiting for CDN providers and name registrars to respond to the trademark and abuse notifications we have sent them regarding the phishing site.
If you have received this email, do not click on any links or provide any information. Instead, delete the email immediately.
If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately. Inspect your account's Security History for anything unexpected.
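The post's indicator is a single-character lookalike of the official domain (pypj.org for pypi.org). As an added example that is not part of the PyPI post, the check below classifies the sender domain of a From: header as trusted, lookalike or unrelated, generalising from the one substitution on the page to any domain within one edit (substitution, insertion, deletion or adjacent swap) of a trusted domain. The trusted-domain list and the sample headers are constructed for the example.

```python
from email.utils import parseaddr

# Domains to protect against impersonation (assumed list for this example).
TRUSTED_DOMAINS = ("pypi.org",)

# Constructed sample From: headers; pypj.org is the lookalike named in the post.
SAMPLE_FROM_HEADERS = [
    '"PyPI" <noreply@pypi.org>',   # genuine
    '"PyPI" <noreply@pypj.org>',   # one-character substitution (i -> j)
    '"PyPI" <noreply@pyip.org>',   # adjacent transposition (constructed)
    'Alice <alice@example.com>',   # unrelated sender
]


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: substitution, insertion, deletion or adjacent swap cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def sender_domain(from_header: str) -> str:
    """Domain part of the address in a From: header, lower-cased."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def classify_sender(from_header: str, max_distance: int = 1) -> str:
    """'trusted' (protected domain or subdomain), 'lookalike' (within max_distance edits) or 'unrelated'."""
    domain = sender_domain(from_header)
    for good in TRUSTED_DOMAINS:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in TRUSTED_DOMAINS:
        if damerau_levenshtein(domain, good) <= max_distance:
            return "lookalike"
    return "unrelated"


def scan(headers=SAMPLE_FROM_HEADERS) -> dict:
    """Map each header to its verdict; 'lookalike' is what a mail filter should hold for review."""
    return {h: classify_sender(h) for h in headers}
```

Run against real mail, the function only looks at the From: domain; it does not replace checking the link target and the browser URL bar, which the post recommends.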
reuters.com - July 30 (Reuters) - More than 90 state and local governments have been targeted using the recently revealed vulnerability in Microsoft server software, according to a U.S. group devoted to helping local authorities collaborate against hacking threats.
The nonprofit Center for Internet Security, which houses an information-sharing group for state, local, tribal, and territorial government entities, provided no further details about the targets, but said it did not have evidence that the hackers had broken through.
"None have resulted in confirmed security incidents," Randy Rose, the center's vice president of security operations and intelligence, said in an email.
A wave of hacks hit servers running vulnerable versions of Microsoft SharePoint this month, causing widespread concern. The campaign has claimed at least 400 victims, according to Netherlands-based cybersecurity firm Eye Security. Multiple federal government agencies are reportedly among the victims, and new ones are being identified every day.
On Wednesday, a spokesperson for one of the U.S. Department of Energy's 17 national labs said it was among those hit.
"Attackers did attempt to access Fermilab's SharePoint servers," the spokesperson said, referring to the U.S. Fermi National Accelerator Laboratory. "The attackers were quickly identified, and the impact was minimal, with no sensitive or classified data accessed." The Fermilab incident was first reported by Bloomberg.
The U.S. Department of Energy has previously said the SharePoint security hack has affected "a very small number" of its systems.
channelnewsasia.com - The decision to identify cyber threat group UNC3886 was because Singaporeans “ought to know about it” given the seriousness of the threat, said the minister.
SINGAPORE: While naming a specific country linked to cyber threat group UNC3886 is not in Singapore’s interest at this point in time, the attack was still serious enough for the government to let the public know about the group, said Coordinating Minister for National Security and Minister for Home Affairs K Shanmugam on Friday (Aug 1).
Speaking to reporters on the side of the Cyber Security Agency of Singapore’s (CSA) Exercise Cyber Star, the national cybersecurity crisis management exercise, Mr Shanmugam said that when it comes to naming any country responsible for a cyber attack, “we always think about it very carefully”.
Responding to a question from CNA on reports tying the group to China, Mr Shanmugam said: “Media coverage (and) industry experts all attribute UNC3886 to some country … Government does not comment on this.
“We release information that we assess is in the public interest. Naming a specific country is not in our interest at this point in time.”
UNC3886 has been described by Google-owned cybersecurity firm Mandiant as a "China-nexus espionage group" that has targeted prominent strategic organisations on a global scale.
Mr Shanmugam had announced on Jul 18 that Singapore is actively dealing with a "highly sophisticated threat actor" that is attacking critical infrastructure, identifying the entity as UNC3886 without disclosing if it was a state-linked actor.
He said the threat actor poses a serious danger to Singapore and could undermine the country's national security, and added that it was not in Singapore's security interests to disclose further details of the attack then.
When asked the following day about UNC3886's alleged links to China and possible retaliation for naming them, Mr Shanmugam, who is also Home Affairs Minister, said this was "speculative".
"Who they are linked to and how they operate is not something I want to go into," he said.
Responding to media reports in a Jul 19 Facebook post, the Chinese embassy in Singapore expressed its "strong dissatisfaction" at the claims linking the country to UNC3886, stating that they were "groundless smears and accusations against China".
“In fact, China is a major victim of cyberattacks," it wrote.
"The embassy would like to reiterate that China is firmly against and cracks down (on) all forms of cyberattacks in accordance with law. China does not encourage, support or condone hacking activities."
On Friday, Mr Shanmugam also gave his reasons for disclosing the identity of threat actors like UNC3886.
“We look at the facts of each case (and) the degree of confidence we have before we can name. And when we decide to name the threat actor, we look at whether it is in Singapore's best interest,” said Mr Shanmugam, who is also the home affairs minister.
In this case, the threat, attack and compromise to Singapore’s infrastructure was “serious enough” and the government was confident enough to name UNC3886 as the perpetrators, he said.
“Here, we said this is serious. They have gotten in. They are compromising a very serious critical infrastructure. Singaporeans ought to know about it, and awareness has got to increase. And because of the seriousness, it is in the public interest for us to disclose,” said Mr Shanmugam.
therecord.media (01.08.2025) - Authorities in Luxembourg said a nationwide telecommunications outage in July was caused by a deliberately disruptive cyberattack. Huawei networking products were reportedly the target.
Luxembourg’s government announced on Thursday it was formally investigating a nationwide telecommunications outage caused last week by a cyberattack reportedly targeting Huawei equipment inside its national telecoms infrastructure.
The outage on July 23 left the country’s 4G and 5G mobile networks unavailable for more than three hours. Officials are concerned that large parts of the population were unable to call the emergency services as the fallback 2G system became overloaded. Internet access and electronic banking services were also inaccessible.
According to government statements issued to the country’s parliament, the attack was intentionally disruptive rather than an attempt to compromise the telecoms network that accidentally led to a system failure.
Officials said the attackers exploited a vulnerability in a “standardised software component” used by POST Luxembourg, the state-owned enterprise that operates most of the country’s telecommunications infrastructure. The government’s national alert system, which officials had intended to use to warn the population about the incident, failed to reach many people because it also depends on POST’s mobile network.
POST’s director-general described the attack itself as “exceptionally advanced and sophisticated,” but stressed it did not compromise or access internal systems and data. POST itself and the national CSIRT are currently forensically investigating the cause of the outage.
Although the government’s statements avoid naming the affected supplier, Luxembourg magazine Paperjam reported the attack targeted software used in Huawei routers. Paperjam added that the country’s critical infrastructure regulator is currently asking any organisations using Huawei enterprise routers to contact the CSIRT.
Remote denial-of-service vulnerabilities have previously been identified in the VRP network operating system used in Huawei’s enterprise networking products, although none have recently been publicly identified. Huawei’s press office did not respond to a request for comment.
The Luxembourg government convened a special crisis cell within the High Commission for National Protection (HCPN) to handle the response to the incident and to investigate its causes and impacts, alongside the CSIRT and public prosecutor.
The CSIRT’s full forensic investigation is intended to confirm how the attack happened, while the public prosecutor will assess whether a crime has taken place and if a perpetrator can be identified and prosecuted.
The incident has also accelerated Luxembourg’s national resilience review, a process already underway before the attack. Authorities, concerned that a single point of failure had such a dramatic disruptive effect, are now reassessing the robustness of critical infrastructure, including fallback procedures for telecom and emergency services.
Luxembourg is also exploring regulatory changes to allow mobile phones to automatically switch to other operators’ networks during telecom outages, a practice already used in countries like the United Kingdom, Germany and the United States for emergency calls.
techcrunch.com 24.07 - “We're getting a lot of stuff that looks like gold, but it's actually just crap,” said the founder of one security testing firm. AI-generated security vulnerability reports are already having an effect on bug hunting, for better and worse.
So-called AI slop, meaning LLM-generated low-quality images, videos, and text, has taken over the internet in the last couple of years, polluting websites, social media platforms, at least one newspaper, and even real-world events.
The world of cybersecurity is not immune to this problem, either. In the last year, people across the cybersecurity industry have raised concerns about AI slop bug bounty reports, meaning reports that claim to have found vulnerabilities that do not actually exist, because they were created with a large language model that simply made up the vulnerability, and then packaged it into a professional-looking writeup.
“People are receiving reports that sound reasonable, they look technically correct. And then you end up digging into them, trying to figure out, ‘oh no, where is this vulnerability?’,” Vlad Ionescu, the co-founder and CTO of RunSybil, a startup that develops AI-powered bug hunters, told TechCrunch.
“It turns out it was just a hallucination all along. The technical details were just made up by the LLM,” said Ionescu.
Ionescu, who used to work at Meta’s red team tasked with hacking the company from the inside, explained that one of the issues is that LLMs are designed to be helpful and give positive responses. “If you ask it for a report, it’s going to give you a report. And then people will copy and paste these into the bug bounty platforms and overwhelm the platforms themselves, overwhelm the customers, and you get into this frustrating situation,” said Ionescu.
“That’s the problem people are running into, is we’re getting a lot of stuff that looks like gold, but it’s actually just crap,” said Ionescu.
Just in the last year, there have been real-world examples of this. Harry Sintonen, a security researcher, revealed that the open source security project Curl received a fake report. “The attacker miscalculated badly,” Sintonen wrote in a post on Mastodon. “Curl can smell AI slop from miles away.”
In response to Sintonen’s post, Benjamin Piouffle of Open Collective, a tech platform for nonprofits, said that they have the same problem: that their inbox is “flooded with AI garbage.”
One open source developer, who maintains the CycloneDX project on GitHub, pulled their bug bounty down entirely earlier this year after receiving “almost entirely AI slop reports.”
The leading bug bounty platforms, which essentially work as intermediaries between bug bounty hackers and companies who are willing to pay and reward them for finding flaws in their products and software, are also seeing a spike in AI-generated reports, TechCrunch has learned.