The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send them to a Heroku app. But what at first seemed like the work of a malicious actor turned out to be an exploit by a security researcher, who wanted to demonstrate how easy it is to take control of popular packages and the repositories hosting them.