A security scanner named 'mcp-bandit' was added to the Python Package Index (PyPI) repository, posing as a legitimate tool but likely containing malicious code. The attack targets developers using Model Context Protocol (MCP) servers by compromising their Python environments, enabling potential supply-chain attacks. Users who installed the package may have unknowingly exposed their systems to data theft or further exploitation.