Skip to content

Incident detail

Malicious takeover of ctx project on PyPI.

Malicious takeover of ctx project on PyPI.

Resolved incidentMinor0 affected services

Timeline window

to

Sponsored placement

Google AdSense placeholder

This slot is reserved for future AdSense placement. It stays as a non-invasive placeholder until a client ID and slot ID are configured.

Timeline

Incident updates

Updates are normalized from the official source chronology so timeline changes remain easy to scan.

  1. Resolved

    This incident has been resolved.

  2. Resolved

    Takeover of the ctx project was reported on multiple channels overnight and was mitigated as of 6:07 AM Eastern. We confirmed via investigation that this compromise was of a single user account due to re-registration over an expired domain. The domain that hosted the users email address was re-registered 2022-05-14T18:40:05Z and a password reset completed successfully for the user at 2022-05-14T18:52:40Z. Original releases were then deleted and malicious copies uploaded. PyPI itself was not directly compromised. Read the full incident report at [https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html](https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html).