Preventing Domain Resurrection Attacks PyPI has implemented new security measures to prevent domain resurrection attacks, where expired domains are re-registered by attackers to hijack accounts via password resets. Since June 2025, PyPI has unverified over 1,800 email addresses tied to expiring domains, blocking these addresses from being used for account recovery and enhancing account security. blog.pypi.org/posts/2025-08-…