Overview

• Mozilla and PyPI have confirmed coordinated phishing efforts that impersonate official update notices to harvest developer credentials.
• Fraudulent emails exploit spoofed sender domains like mozila.org and pypj.org to mislead recipients into clicking malicious links.
• At least one developer has reported a compromise and security firms warn stolen credentials could facilitate supply chain attacks.
• Mozilla recently rolled out protections against wallet-draining extensions and is monitoring AMO accounts for further phishing activity.
• Developers are advised to verify email authentication using SPF, DKIM and DMARC checks and to avoid entering credentials through unsolicited links.