Fortinet uncovered a wave of zero-day attacks targeting PyPI packages by a cybercriminal group dubbed Core1337. It has published five packages to the public repository – all designed to launch different types of attacks. All the malicious packages have similar code in the setup.py file, the only major difference between them is the webhook URL. Developers are suggested to stay extra cautious when downloading PyPI packages.