HN Reader

Orion Browser by Kagi (kagi.com)

1 points by gtirloni 7s ago 0 comments

The Stuff That Matters (physiqonomics.com)

1 points by baxtr 32s ago 0 comments

Why build a domain-specific agent for front end tasks? (kombai.com)

1 points by pcwelder 39s ago 0 comments

Local-first search. A tale of frustrated dreams, utopian user experiences and C (fika.bar)

1 points by todsacerdoti 2m ago 0 comments

Show HN: AgentMail – Email infra for AI agents (chat.agentmail.to)

1 points by Haakam21 3m ago 0 comments

Show HN: Coroot – AI powered Root Cause Analysis using eBPF-based telemetry (coroot.ai)

1 points by openWrangler 3m ago 0 comments

Research identifies genetic predictor of weight loss with GLP-1RAs (medicalxpress.com)

1 points by PaulHoule 5m ago 0 comments

Global Constraint Catalog (sofdem.github.io)

3 points by todsacerdoti 6m ago 0 comments

Subpixel Rendering for Impossibly Small Terminal Text (hackaday.com)

1 points by jamesbowman 6m ago 0 comments

A Quantitative Model of Trust as a Predictor of Social Group Sizes (arxiv.org)

1 points by refset 7m ago 0 comments

Stack Overflow data reveals the hidden productivity tax of almost right AI code (venturebeat.com)

2 points by isaacfrond 8m ago 0 comments

Hijacking multi-agent systems in your PajaMAS (blog.trailofbits.com)

1 points by frabert 10m ago 0 comments

Why Today's Young Adults Are 4 Times More Likely to Have Rectal Cancer (studyfinds.org)

1 points by strict9 10m ago 0 comments

Show HN: BI chatbot in one Docker command (github.com)

1 points by BenderV 10m ago 0 comments

Fermat's Last Theorem in Lean – Imperial College London (github.com)

2 points by anonyonoor 11m ago 0 comments

Peacock feathers can emit laser beams (arstechnica.com)

2 points by teleforce 14m ago 0 comments

Eight months in, Swedish unicorn Lovable crosses the $100M ARR milestone (techcrunch.com)

1 points by indigodaddy 14m ago 0 comments

'Communities' of extreme life seen for first time in deep ocean (bbc.com)

2 points by kspacewalk2 15m ago 0 comments

Still Up. Still Evil (vulncheck.com)

2 points by albinol0bster 17m ago 0 comments

Every Single Human. Like. Always (randsinrepose.com)

1 points by speckx 17m ago 0 comments

From Frustration to Power: What We Learned at Nixcademy (lobste.rs)

1 points by domenkozar 18m ago 0 comments

Bootstrapped Private GenAI Startup Hits $1M Annual Revenue, Launches Helix 2.0 (blog.helix.ml)

1 points by lewq 19m ago 0 comments

Show HN: VectorSeek – Private AI-Powered Search (vectorseek.ai)

1 points by mwalker973 19m ago 0 comments

Remove Regulations for Sulphur Operations [pdf] (public-inspection.federalregister.gov)

1 points by impish9208 19m ago 0 comments

LLM DeepSeek on a par with proprietary models in clinical decision making (nature.com)

3 points by teleforce 21m ago 0 comments

When/how will Google Chrome respond to Comet?

1 points by moltenice 24m ago 2 comments

UK Users Must Now Verify Age to Access Certain Content on Spotify (nme.com)

2 points by cnity 25m ago 0 comments

Tuxedo InfinityBook Pro 15 Gen10 Laptop with AMD Strix Point and 128GB RAM (phoronix.com)

4 points by teleforce 26m ago 0 comments

Anaconda Raises $150M Series C (anaconda.com)

12 points by diverted247 28m ago 9 comments

Winning Remote Work Strategies: Tools, Routines, and Talent to Boost Team Output (theflock.com)

2 points by theflock2025 28m ago 0 comments

The Silent Revolution Is in AI Automation, Not Conversation (theflock.com)

1 points by theflock2025 29m ago 0 comments

Releasing Open Weights for FLUX.1 Krea (krea.ai)

3 points by vmatsiiako 29m ago 1 comments

GenAI Code Security Report [pdf] (veracode.com)

2 points by _tk_ 29m ago 0 comments

Are you using Jobs to be Done (businessofsoftware.org)

2 points by marklittlewood 30m ago 1 comments

What is gVisor? (blog.yelinaung.com)

8 points by yla92 31m ago 0 comments

Samsung Galaxy Z Fold 7 review: Quantum leap (arstechnica.com)

4 points by LaSombra 32m ago 0 comments

Orchestra Conductors Are Prompt Engineers (blog.charliemeyer.co)

2 points by csmeyer 32m ago 1 comments

$2.17B in crypto stolen in first half of 2025, driven by North Korean hacks (therecord.media)

1 points by PaulHoule 33m ago 0 comments

NHS disability equipment provider on brink of collapse a year after cyberattack (theregister.com)

4 points by rntn 34m ago 0 comments

Tesla Launches Ride Hailing Service in the Bay Area (twitter.com)

1 points by vagab0nd 34m ago 0 comments

Network tokens, the payment tech you've never heard of (birchtree.me)

2 points by speckx 36m ago 0 comments

OpenAI's "Study Mode" and the risks of flattery (resobscura.substack.com)

2 points by benbreen 36m ago 0 comments

Severe turbulence forces Delta plane to make emergency landing, 25 injured (theguardian.com)

14 points by voxadam 38m ago 4 comments

Reseller's Sourcing Assistant (tinyidea.net)

1 points by freeourdays 39m ago 1 comments

Show HN: Voice Isolate – dead simple speech audio enhancement (using AI) (voiceisolate.com)

1 points by johnhandler 40m ago 0 comments

Imaging reveals intricate tattoos of 2,500-year-old Siberian ice mummy (bbc.com)

3 points by dxs 41m ago 0 comments

Mira Murati former CTO of open AI reject $1B offer from META (timesofindia.indiatimes.com)

2 points by methuselah_in 42m ago 0 comments

Show HN: We Built a Serverless GPU Platform with Fast Cold Starts (dat1.co)

3 points by ayankovsky 43m ago 4 comments

AI Coding with Existing Complex Codebase (youtube.com)

2 points by sabrina_ramonov 44m ago 0 comments

Buddy Guy is keeping the blues alive. It hasn't been easy. (apnews.com)

2 points by petethomas 45m ago 0 comments

Hackers target Python devs in phishing attacks using fake PyPI site

2 DocFeind 2 7/30/2025, 7:11:56 PM bleepingcomputer.com ↗

Comments (2)

mikece · 18h ago
I wonder if anyone is falling for this and if they are new devs or people leveraging agentic coding and don't actually know Python well?
zahlman · 12h ago
It was first reported by a Python core developer. It seems like they are going after fairly high profile targets, such as maintainers of "critical" projects. To my understanding, the fake phishing site is about as good of a copy as they ever are. They appear to have basically copied the HTML and done a regex search-and-replace on the domain name.

It has nothing to do with "knowing Python well". It's a standard web-based phishing attack. If you publish packages on PyPI, then you will commonly also use the pypi.org web interface to manage a user and/or organization account. The attack isn't trying to exploit any kind of ignorance of what PyPI is or how Python works, or how the Python packaging ecosystem works. It's trying to exploit the visual confusion between "i" and "j".

Related:

https://news.ycombinator.com/item?id=44711408

https://news.ycombinator.com/item?id=44701913