PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks.

“These changes improve PyPI’s overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts,” Mike Fiedler, PyPI safety and security engineer at the Python Software Foundation (PSF), said.

With the latest update, the intention is to tackle domain resurrection attacks, which occur when bad actors purchase an expired domain and use it to take control of PyPI accounts through password resets.

PyPI said it has unverified over 1,800 email addresses since early June 2025, as soon as their associated domains entered expiration phases. While this is not a foolproof solution, it helps plug a significant supply chain attack vector that would otherwise appear legitimate and hard to detect, it added.

Email addresses are tied to domain names that, in turn, can lapse if left unpaid, a critical risk for packages distributed via open-source registries. The threat is magnified if those packages have long been abandoned by their respective maintainers but still see a fair amount of use by downstream developers.

PyPI users are required to verify their email addresses during the account registration phase, which ensures that the provided addresses are valid and accessible to them. But this layer of defense is effectively neutralized should the domain expire: an attacker can purchase the same domain and initiate a password reset request, and the reset email lands in the attacker's inbox rather than that of the actual owner of the package.

From there, all the threat actor has to do is follow through the steps to gain access to the account with that domain name. The threat posed by expired domains arose in 2022, when an unknown attacker acquired the domain used by the maintainer of the ctx PyPI package to gain access to the account and publish rogue versions to the repository.

The latest safeguard added by PyPI aims to prevent this kind of account takeover (ATO) scenario and “minimize potential exposure if an email domain does expire and change hands, regardless of whether the account has 2FA enabled.” It’s worth noting that the attacks are only applicable to accounts that have registered using email addresses with a custom domain name.

PyPI said it’s making use of Fastly’s Status API to query the status of a domain every 30 days and mark the corresponding email address as unverified if it has expired.

Users of the Python package manager are being advised to enable two-factor authentication (2FA) and add a second verified email address from another notable domain, such as Gmail or Outlook, if the accounts only have a single verified email address from a custom domain name.
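
An added example, not PyPI's code: a sketch of the two checks described above, the 30-day domain recheck and an audit for accounts whose only verified address is on a custom domain. The `lookup` callable, the state labels and all sample data are assumptions constructed for illustration; they are not Fastly's API.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

RECHECK_INTERVAL = timedelta(days=30)            # interval stated in the article
EXPIRED_STATES = {"expiring", "deleting"}        # assumed labels, not a real API's values
COMMON_PROVIDERS = {"gmail.com", "outlook.com"}  # the article's examples

@dataclass
class Email:
    address: str
    verified: bool = True
    last_checked: Optional[datetime] = None
    @property
    def domain(self) -> str:
        return self.address.rsplit("@", 1)[1].lower()

def recheck(emails, lookup, now):
    """Unverify addresses whose domain is in an expiration phase; return them."""
    changed = []
    for e in emails:
        recent = e.last_checked and now - e.last_checked < RECHECK_INTERVAL
        if not e.verified or recent:
            continue  # already unverified, or checked within the last 30 days
        e.last_checked = now
        if lookup(e.domain) in EXPIRED_STATES:
            e.verified = False  # reset mail must no longer be trusted here
            changed.append(e.address)
    return changed

def single_custom_domain(accounts):
    """Accounts whose only verified address is on a custom domain."""
    return sorted(
        user for user, emails in accounts.items()
        if len(v := [e for e in emails if e.verified]) == 1
        and v[0].domain not in COMMON_PROVIDERS
    )

def demo():
    # Constructed sample data: users, addresses and domain states are made up.
    now = datetime(2025, 8, 1)
    accounts = {
        "alice": [Email("alice@lapsed-project.example")],
        "bob": [Email("bob@bobs-consulting.example"), Email("bob@gmail.com")],
        "carol": [Email("carol@carol-dev.example", last_checked=now - timedelta(days=3))],
    }
    states = {"lapsed-project.example": "expiring", "carol-dev.example": "expiring"}
    at_risk = single_custom_domain(accounts)
    unverified = [a for ems in accounts.values() for a in recheck(ems, states.get, now)]
    return at_risk, unverified
```

In the sample, carol's domain is already expiring but was checked three days earlier, so her address stays verified until the next cycle; a periodic check leaves a window, which is why it is not a complete defence on its own.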

OHS Magazine