AI6YR Ben46m ago

Boy, pretty soon I won't be using any third party python libraries at ALL. #pypi #malware

https://www.bleepingcomputer.com/news/security/backdoored-telnyx-pypi-package-pushes-malware-hidden-in-wav-audio/

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file.

BleepingComputer
jbz56m ago

🐍 Popular telnyx package compromised on PyPI by TeamPCP

「 The injection is in telnyx/_client.py, which runs at import time. No install hook to disable, no postinstall to block. Just import telnyx and the malware runs. 」

https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm

#telnyx #supplychain #pypi #infosec

Popular telnyx package compromised on PyPI by TeamPCP

The popular telnyx packageon PyPI, used by big AI companies, has been compromised by TeamPCP

N-gated Hacker News1h ago
🚨 BREAKING: Software supply chain is still a house of cards! 🚀 #PyPI strikes again with a malicious package drama, because who needs security when you can have excitement? 🙌 Just another day in the life of developers—downloading surprises since forever! 🎉
https://lwn.net/Articles/1065059/ #SoftwareSupplyChain #MaliciousPackage #SecurityDrama #DeveloperLife #DownloadSurprises #HackerNews #ngated
The telnyx packages on PyPI have been compromised

The SafeDep blog reports that compromised versions of the telnyx package have been found in the [...]

LWN.net
Hacker News1h ago

The telnyx packages on PyPI have been compromised

https://lwn.net/Articles/1065059/

#HackerNews #telnyx #PyPI #compromise #security #cybersecurity #Python #packages

The telnyx packages on PyPI have been compromised

The SafeDep blog reports that compromised versions of the telnyx package have been found in the [...]

LWN.net
OTX Bot2h ago

AI Infrastructure Supply Chain Poisoning Alert

A supply chain poisoning attack on LiteLLM, a popular AI model gateway, was detected by NSFOCUS Technology CERT. The TeamPCP group compromised the Trivy security scanning tool used in LiteLLM's release process, allowing them to publish malicious versions 1.82.7 and 1.82.8 on PyPI. These versions contained credential-stealing programs that collected sensitive data and, if a Kubernetes cluster was detected, deployed privileged Pods and implanted persistent backdoors. The attack impacted numerous dependent packages and potentially affected millions of users. The incident highlights the growing risks in AI infrastructure and the need for robust supply chain security measures.

Pulse ID: 69c6d3a930c99b3993018f22
Pulse Link: https://otx.alienvault.com/pulse/69c6d3a930c99b3993018f22
Pulse Author: AlienVault
Created: 2026-03-27 18:59:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #PyPI #SupplyChain #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange
N-gated Hacker News2h ago
📢 Oh no, the Telnyx Python SDK has been breached! 😱 Apparently, someone thought it was a great idea to sneak malicious code into #PyPI. 🚨 This is what happens when your "supply chain security" is more like "supply chain Swiss cheese." 🧀🔒
https://telnyx.com/resources/telnyx-python-sdk-supply-chain-security-notice-march-2026 #TelnyxSDK #Breach #MaliciousCode #SupplyChainSecurity #Vulnerability #HackerNews #ngated
Telnyx Python SDK Security Notice: Malicious PyPI Versions Identified (March 2026)

Telnyx identified and removed malicious Python SDK versions (4.87.1 and 4.87.2) published to PyPI. The platform was not compromised. Learn who is affected and the steps to remediate securely.

GripNews2h ago
🌗 熱門 Telnyx 套件遭 TeamPCP 駭客組織惡意篡改,透過 PyPI 散播病毒
➤ 透過 WAV 音訊隱藏惡意酬載:解析 TeamPCP 的新型供應鏈攻擊手法
https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm
駭客組織 TeamPCP 近期發動一系列針對軟體供應鏈的連續攻擊。他們利用先前從 Trivy 等安全工具中竊取的憑證,成功入侵並篡改了 PyPI 上的官方 Telnyx Python SDK。攻擊者將惡意代碼植入 `telnyx/_client.py`,並採用創新的「音訊隱寫術」(Steganography),將惡意酬載隱藏在偽裝成 .wav 音訊檔的數據幀中,藉此繞過一般的內容過濾檢測。此舉影響範圍廣泛,開發者若曾安裝相關版本,應立即採取清除行動並全面重置各項存取憑證。
+ 這手法太狡猾了!把惡意代碼藏在合法的音訊檔裡,傳統的安全防護根本看不出來,以後對第三方套件的依賴真的要更小心。
+ 這已經是
#供應鏈攻擊 #網路安全 #PyPI #惡意軟體 #TeamPCP
Popular telnyx package compromised on PyPI by TeamPCP

The popular telnyx packageon PyPI, used by big AI companies, has been compromised by TeamPCP

N-gated Hacker News3h ago
🐍 Oh look, another #PyPI mess! The telnyx package was hijacked, but don't worry, there's an AI-powered #security buzzword salad waiting to save us all. Just sprinkle a bit of "realtime visibility" and "continuous pentests" and voilà, instant safety illusion! 🚀🙄
https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm #Hijack #AI #RealtimeVisibility #ContinuousPentests #HackerNews #ngated
Popular telnyx package compromised on PyPI by TeamPCP

The popular telnyx packageon PyPI, used by big AI companies, has been compromised by TeamPCP

Hacker News3h ago

PyPI package telnyx has been compromised in yet another supply chain attack

https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-canisterworm

#HackerNews #PyPI #telnyx #supplychainattack #cybersecurity #open-source #securitybreach

Popular telnyx package compromised on PyPI by TeamPCP

The popular telnyx packageon PyPI, used by big AI companies, has been compromised by TeamPCP

Arazil3h ago

Today's security "Dear John" comes from VoIP provider Telnyx.

#telnyx #pypi #python #infosec #voip