Provider
PyPIIncident detail
Malicious takeover of ctx project on PyPI.
Malicious takeover of ctx project on PyPI.
Timeline window
to
Sponsored placement
Google AdSense placeholder
This slot is reserved for future AdSense placement. It stays as a non-invasive placeholder until a client ID and slot ID are configured.
Timeline
Incident updates
Updates are normalized from the official source chronology so timeline changes remain easy to scan.
Resolved
This incident has been resolved.
Resolved
Takeover of the ctx project was reported on multiple channels overnight and was mitigated as of 6:07 AM Eastern. We confirmed via investigation that this compromise was of a single user account due to re-registration over an expired domain. The domain that hosted the users email address was re-registered 2022-05-14T18:40:05Z and a password reset completed successfully for the user at 2022-05-14T18:52:40Z. Original releases were then deleted and malicious copies uploaded. PyPI itself was not directly compromised. Read the full incident report at [https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html](https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html).