Hackers Hijacked a GitHub Actions Workflow to Push Malicious Code to PyPI
It's FOSS [Unofficial]
April 28, 2026
Elementary Data's open source CLI was the victim, and v0.23.3 is not a version you want installed.
Discussion in the ATmosphere