PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

August 19, 2025

The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks.
“These changes improve PyPI’s overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts,” Mike Fiedler, PyPI safety and security engineer at the Python

Source: Read More

Previous ArticleWhy Your Security Culture is Critical to Mitigating Cyber Risk

Next Article Investors beware: AI-powered financial scams swamp social media

Highlights

CVE-2025-7108 – Risesoft Y9 Digital-Infrastructure Remote Path Traversal Vulnerability

July 7, 2025

CVE ID : CVE-2025-7108

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file /Digital-Infrastructure-9.6.7/y9-digitalbase-webapp/y9-module-filemanager/risenet-y9boot-webapp-filemanager/src/main/java/net/risesoft/y9public/controller/Y9FileController.java. The manipulation of the argument fullPath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Stop writing tests: Automate fully with Generative AI

Opsera’s Codeglide.ai lets developers easily turn legacy APIs into MCP servers

Black Duck Security GitHub App, NuGet MCP Server preview, and more – Daily News Digest

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

This new Coros watch has 3 weeks of battery life and tracks way more – even fly fishing

5 ways automation can speed up your daily workflow – and implementation is easy

This new C-suite role is more important than ever in the AI era – here’s why

iPhone users may finally be able to send encrypted texts to Android friends with iOS 26

Creating Dynamic Real-Time Features with Laravel Broadcasting

Creating Dynamic Real-Time Features with Laravel Broadcasting

Understanding Tailwind CSS Safelist: Keep Your Dynamic Classes Safe!

Sitecore’s Content SDK: Everything You Need to Know

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Microsoft admits it broke “Reset this PC” in Windows 11 23H2 KB5063875, Windows 10 KB5063709

Windows 11 can now screen record specific app windows using Win + Shift + R (Snipping Tool)

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

Creating Dynamic Real-Time Features with Laravel Broadcasting

Repurposing Protein Folding Models for Generation with Latent Diffusion

This Ecovacs robot vacuum and mop is a sleeper hit, and it handles carpeting like a champ

CVE-2025-0602 – “SolidWorks Collaborative Industry Innovator Stored XSS Vulnerability”

CVE-2025-46709 – Apache HTTP Server Kernel Heap Information Disclosure

CVE-2025-7571 – UTT HiPER 840G Buffer Overflow Vulnerability

CVE-2025-7108 – Risesoft Y9 Digital-Infrastructure Remote Path Traversal Vulnerability

CVE-2025-47673 – Arconix Shortcodes Cross-site Scripting (XSS)

CVE-2025-55165 – Autocaliweb API Key Exposure

CVE-2025-24288 – Versa Networks Default Credentials Exposé

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

Related Posts