While some tokens stored as GitHub secrets were successfully exfiltrated, PyPI administrators have confirmed that the platform itself was not compromised and the stolen tokens do not appear to have been used.
The attack campaign involved modifying GitHub Actions workflows across a wide variety of repositories. The malicious code was designed to capture PyPI publishing tokens that were stored as secrets and send them to an external server controlled by the attackers.
Security researchers at GitGuardian first discovered the activity on September 5th, when they reported a suspicious GitHub Actions workflow in a project named fastuuid.
The report, submitted through PyPI’s malware reporting tool, alerted PyPI security to the potential exfiltration attempt.
Although the attackers managed to steal some tokens, PyPI has found no evidence of them being used to publish malicious packages or compromise accounts on the platform.
Following the initial report, a GitGuardian researcher sent a more detailed email to PyPI Security, but it was mistakenly routed to a spam folder, delaying the response until September 10th.
Once aware of the full scope, PyPI administrators began a triage process and collaborated with GitGuardian, sharing an additional Indicator of Compromise (IoC) in the form of a URL to aid the investigation.
During this time, many of the affected project maintainers had already been notified by the researchers through public issue trackers.
They responded by reverting the malicious changes or force-pushing to remove the compromised workflows from their repository history, with many also proactively rotating their PyPI tokens.
On September 15th, after confirming no PyPI accounts were compromised, the platform’s security team invalidated all affected tokens and formally notified the project maintainers.
In response to the incident, PyPI is strongly recommending that developers transition away from using long-lived API tokens for publishing packages. The most effective defense against this type of attack is to adopt Trusted Publishers.
This feature utilizes short-lived tokens that are automatically generated for a specific workflow run and are scoped to a particular repository, significantly reducing the window of opportunity for attackers even if a token is exfiltrated.
PyPI administrators have advised all users who publish packages via GitHub Actions to implement Trusted Publishers immediately. Additionally, developers are encouraged to review their account security history on the PyPI website for any suspicious activity.
The successful containment of this incident was credited to the collaboration between PyPI and the security researchers at GitGuardian.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
The post Hackers Injecting Malicious Code into GitHub Actions Workflows to Steal PyPI Publishing Tokens appeared first on Cyber Security News.
A new macOS malware called notnullOSX has surfaced in early 2026, specifically built to steal…
A new macOS malware called notnullOSX has surfaced in early 2026, specifically built to steal…
A new malware campaign is tricking traders into downloading a data-stealing tool by impersonating the…
A new malware campaign is tricking traders into downloading a data-stealing tool by impersonating the…
A nation-state-linked hacking group has found a clever way to hide its malicious activity inside…
Upper Merion Township in the Philadelphia suburbs is no stranger to development. During the holiday…
This website uses cookies.