Description
In September 2025, the Python Software Foundation (PSF) invalidated all PyPI tokens stolen in the GhostAction attack. These tokens, which allow developers to publish packages on PyPI, were exfiltrated through malicious GitHub Actions workflows. Investigators found no evidence that the attackers used the tokens to upload malicious packages.
Attack Details
On September 5th, GitGuardian reported malicious GitHub Actions workflows (e.g., FastUUID) attempting to steal PyPI tokens. Because the notification email was missed, the response was delayed, and attackers were able to compromise over 3,300 secrets across multiple platforms (PyPI, npm, DockerHub, GitHub, Cloudflare, AWS, and databases). More than 570 repositories were affected, and some companies' SDK portfolios were fully exposed. PyPI, led by Mike Fiedler (a PyPI administrator and security engineer with the Python Software Foundation), invalidated all stolen tokens and advised maintainers to switch to Trusted Publishers, which use short-lived tokens, for better protection.
Remediation
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
PDF Download: PyPI Invalidates Tokens Stolen in GhostAction Supply Chain Attack