Sonatype detected several malicious Python packages on the PyPI repository that have been stealing sensitive information, including AWS credentials, and uploading it to publicly exposed endpoints. Sonatype has reported the malicious packages to PyPI; the packages have been removed from the repository. More https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web
