More than 170,000 users are said to have been affected by an attack using fake Python infrastructure with “successful exploitation of multiple victims.” According to CheckMarx, members of the Top.gg GitHub organization as well as other developers were targeted, and it all hinged on various supply chain attack techniques to distribute malware-infected Python PyPI packages.

Source: The Register