News Score: Score the News, Sort the News, Rewrite the Headlines

Supply Chain Security Alert: num2words PyPI Package Shows Signs of Compromise - StepSecurity

Key Takeaways

- The Python package num2words version 0.5.15 was published to PyPI without a corresponding tag in the official GitHub repository.
- Security researcher @johnk3r identified potential links to the "Scavenger" threat actor, known for previous supply chain attacks.
- PyPI has removed the compromised package, preventing further installations.
- This incident highlights the ongoing risks in the Python ecosystem's supply chain security.

The Incident

On July 28, 2025, the Python community was alerted to a ...

Read more at stepsecurity.io
