[Translation] PSF incident report on the LiteLLM/Telnyx supply-chain attack + recommendations

This article covers two recent supply-chain attacks targeting users of the popular PyPI packages litellm and telnyx. It also gives Python developers and maintainers recommendations on how to prepare for such attacks and protect their projects.

https://habr.com/ru/articles/1019638/

#pypi #litellm #telnyx #security #supply_chain_attack #best_practices #python #trusted_publishers #trivy

PSF incident report on the LiteLLM/Telnyx supply-chain attack + recommendations

In this article we take a detailed look at two recent supply-chain attacks on the popular PyPI packages litellm and telnyx. We also give Python developers and maintainers...

Habr

RE: https://fosstodon.org/@pypi/116335453780319113

incident report by @miketheman & @sethmlarson on the compromise of #liteLLM & #Telnyx via #Trivy: https://blog.pypi.org/posts/2026-04-02-incident-report-litellm-telnyx-supply-chain-attack/

Advice:
- a cooldown delay before upgrading dependencies
-- pip.conf
[install]
uploaded-prior-to = P3D
-- uv.toml / pyproject.toml
[tool.uv]
exclude-newer = "P3D"
- use a lockfile for transitive dependencies
- publishing: use trusted publishing, and watch PRs that touch the CI workflows

#Python #PyPI #cybersecurity #supplychain
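The cooldown settings in the post above (pip's uploaded-prior-to, uv's exclude-newer) share one rule: a release is only a candidate if all of its files were uploaded at least the cooldown period before the install runs. The following added example models that rule in plain Python so the effect can be seen on sample data; it is not code from pip, uv, the PSF report, or Telnyx. It assumes release metadata in the shape of PyPI's JSON API ("releases" -> version -> list of files with "upload_time_iso_8601" and "yanked"); the version numbers 4.87.1 and 4.87.2 are the ones named in the advisory below, but every timestamp is invented for illustration, and versions are ordered with a plain dotted-integer key rather than a PEP 440 parser.

```python
"""Added example (not pip's, uv's, or the PSF report's code): a minimal
model of the upload-cooldown rule behind pip's `uploaded-prior-to` and
uv's `exclude-newer`, run over constructed release metadata.

Assumptions: metadata in the shape of PyPI's JSON API; all timestamps
below are made up and are not the real telnyx upload times; versions are
ordered with a dotted-integer key instead of a PEP 440 parser.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in PyPI JSON-API shape. 4.87.1 and 4.87.2 are the
# version numbers named in the telnyx advisory; every timestamp is invented.
SAMPLE_RELEASES = {
    "4.84.0": [{"filename": "telnyx-4.84.0-py3-none-any.whl",
                "upload_time_iso_8601": "2026-02-01T09:00:00Z", "yanked": False}],
    "4.85.0": [{"filename": "telnyx-4.85.0-py3-none-any.whl",
                "upload_time_iso_8601": "2026-02-20T09:00:00Z", "yanked": True}],
    # An sdist published early, with a wheel added to the same release later.
    "4.86.0": [{"filename": "telnyx-4.86.0.tar.gz",
                "upload_time_iso_8601": "2026-03-10T09:00:00Z", "yanked": False},
               {"filename": "telnyx-4.86.0-py3-none-any.whl",
                "upload_time_iso_8601": "2026-03-25T10:00:00Z", "yanked": False}],
    "4.87.0": [{"filename": "telnyx-4.87.0-py3-none-any.whl",
                "upload_time_iso_8601": "2026-03-24T09:00:00Z", "yanked": False}],
    "4.87.1": [{"filename": "telnyx-4.87.1-py3-none-any.whl",
                "upload_time_iso_8601": "2026-03-26T08:00:00Z", "yanked": False}],
    "4.87.2": [{"filename": "telnyx-4.87.2-py3-none-any.whl",
                "upload_time_iso_8601": "2026-03-26T11:00:00Z", "yanked": False}],
}

# The moment the install is run (also constructed).
REFERENCE_TIME = datetime(2026, 3, 27, 12, 0, tzinfo=timezone.utc)

_DURATION = re.compile(r"P(?:(\d+)W)?(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?)?")


def parse_duration(spec: str) -> timedelta:
    """Parse the ISO 8601 duration subset used in the post (P3D, P1W, PT12H, P1DT6H)."""
    m = _DURATION.fullmatch(spec)
    if m is None or not any(g is not None for g in m.groups()):
        raise ValueError(f"unsupported duration: {spec!r}")
    weeks, days, hours, minutes = (int(g) if g else 0 for g in m.groups())
    return timedelta(weeks=weeks, days=days, hours=hours, minutes=minutes)


def _upload_time(file_entry: dict) -> datetime:
    # PyPI emits a trailing "Z"; older fromisoformat() wants an explicit offset.
    return datetime.fromisoformat(file_entry["upload_time_iso_8601"].replace("Z", "+00:00"))


def _version_key(version: str):
    # Simplification: dotted integers only. Real resolvers apply PEP 440 ordering.
    return tuple(int(part) for part in version.split("."))


def eligible_versions(releases: dict, now: datetime, cooldown: timedelta) -> list:
    """Versions whose *every* file was uploaded at or before now - cooldown, skipping yanked ones.

    A release counts as new if any of its files is new: a wheel added to an old
    release yesterday reopens the window, which is the conservative reading.
    """
    cutoff = now - cooldown
    ok = []
    for version, files in releases.items():
        if not files or any(f.get("yanked") for f in files):
            continue
        if max(_upload_time(f) for f in files) <= cutoff:
            ok.append(version)
    return sorted(ok, key=_version_key)


def select_version(releases: dict, now: datetime, cooldown: timedelta):
    """Highest eligible version, or None if the cooldown rules everything out."""
    candidates = eligible_versions(releases, now, cooldown)
    return candidates[-1] if candidates else None


if __name__ == "__main__":
    for spec in ("P0D", "P3D", "P1W"):
        chosen = select_version(SAMPLE_RELEASES, REFERENCE_TIME, parse_duration(spec))
        print(f"cooldown {spec}: would install {chosen}")
```

On the sample data, no cooldown (P0D) picks 4.87.2, the three-day cooldown from the post picks 4.87.0 because both tainted versions were uploaded inside the window, and a one-week cooldown falls back further. The cooldown only buys time: it is useful because quarantining by PyPI and the advisory below happened within a day, which is exactly the interval a P3D setting keeps out of the resolver.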

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file.

BleepingComputer

#TeamPCP strikes again. Hackers hid credential-stealing malware inside a fake ringtone file in tainted #Telnyx SDK versions, targeting developers via a supply chain attack.

Read: https://hackread.com/teampcp-fake-ringtone-file-tainted-telnyx-sdk-credentials/

#CyberSecurity #DataBreach #SupplyChainAttack #Malware

TeamPCP Uses Fake Ringtone File in Tainted Telnyx SDK to Steal Credentials

TeamPCP hackers planted malicious code in tainted Telnyx Python SDK versions using a fake ringtone file to steal credentials, crypto wallets, and keys.

Hackread - Cybersecurity News, Data Breaches, AI and More

With the #telnyx #supplychain attack, you might be wondering, would #litmus have caught it? Yes, it was flagged as suspicious, even before the samples hit PyPI.

See for yourself: https://lab.atomdrift.org/file/d7efd244cc294d94b848820df9278eac80390064d108151b877484ec3fe7b18e

The telnyx packages on PyPI have been compromised

The SafeDep blog reports that compromised versions of the telnyx package have been found in the [...]

LWN.net

🚨 Breaking news: TeamPCP's daring #heist into Telnyx's PyPI packages is the digital equivalent of leaving banana peels in the server room! 🍌👾 Meanwhile, GitHub's "brilliant" suggestion is to sip some AI-flavored Kool-Aid and automate your way out of this Python pickle. 🤖🔧
https://github.com/team-telnyx/telnyx-python/issues/235 #BreakingNews #TeamPCP #Telnyx #PythonAutomation #AIKoolAid #HackerNews #ngated

[SECURITY] PyPI versions 4.87.1 and 4.87.2 are compromised — malicious code injected into _client.py · Issue #235 · team-telnyx/telnyx-python

Updates 2026-03-27 10:13 UTC Both malicious versions have been quarantined by PyPI. Full technical analysis with mitigations and IoCs: Endor Labs — TeamPCP Strikes Again: telnyx Compromised Three D...

GitHub
Telnyx Python SDK Security Notice: Malicious PyPI Versions Identified (March 2026)

Telnyx identified and removed malicious Python SDK versions (4.87.1 and 4.87.2) published to PyPI. The platform was not compromised. Learn who is affected and the steps to remediate securely.

Popular telnyx package compromised on PyPI by TeamPCP

The popular telnyx package on PyPI, used by big AI companies, has been compromised by TeamPCP