Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push

An attacker is compromising hundreds of GitHub accounts and injecting identical malware into hundreds of Python repositories. The earliest injections date to March 8, 2026, and the campaign is still active with new repos continuing to be compromised.