Token Exfiltration Campaign via GitHub Actions Workflows

September 19, 2025

Incident report of a recent attack campaign targeting GitHub Actions workflows to exfiltrate PyPI tokens, our response, and steps to protect your projects.

Featured Sponsor

Sponsor Django News

Support the community and reach thousands of Django developers

Learn More

Weekly Newsletter

Get the latest Django news, articles, and projects delivered to your inbox every week. Curated by Jeff Triplett & William Vincent.

No spam, ever. Unsubscribe anytime.

Quick Links

Newsletter Archive
Submit a Link
Visit Curated