Attackers targeted a wide variety of repositories, many of which had PyPI tokens stored as GitHub secrets, modifying their workflows to send those tokens to external servers. PyPI was not compromised. [ https://blog.pypi.org/posts/2025-09-16-github-actions-token-exfiltration/ ] #informatique