Takeover of the ctx project was reported on multiple channels overnight and was mitigated as of 6:07 AM Eastern.
We confirmed via investigation that this compromise was of a single user account due to re-registration over an expired domain. The domain that hosted the users email address was re-registered 2022-05-14T18:40:05Z and a password reset completed successfully for the user at 2022-05-14T18:52:40Z. Original releases were then deleted and malicious copies uploaded.
PyPI itself was not directly compromised.
Read the full incident report at https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domai…
Director of Infrastructure
Python Software Foundation