Mastodawn

Telnyx Python SDK: Supply Chain Security Notice

https://telnyx.com/resources/telnyx-python-sdk-supply-chain-security-notice-march-2026

Telnyx Python SDK Security Notice: Malicious PyPI Versions Identified (March 2026)

Telnyx identified and removed malicious Python SDK versions (4.87.1 and 4.87.2) published to PyPI. The platform was not compromised. Learn who is affected and the steps to remediate securely.

Show thread

TZubiri 1d ago

Shoutouts to all the real engineers who use a generic http client to call APIs and weren't impacted by this.

Show thread

ivanvanderbyl 1d ago

Has anyone here used Telnyx? I tried to build a product against their API last year and 3 weeks after signing up they banned my account and made it impossible to get an answer as to why or re-enable it.

Show thread

TZubiri 1d ago

I like it so far. Did you call phone support at the time and ask about it? I find it's easy enough to get in a call with a human.

Show thread

midnightrun_ai 1d ago

[dead]

Show thread

ramimac 1d ago

This is tied to the TeamPCP activity over the last few weeks. Previously: Trivy, KICS, LiteLLM

I've been responding, and keeping an up to date timeline. Sharing to help contextualize this incident:
https://ramimac.me/teampcp/#phase-10

TeamPCP Supply Chain Campaign | Attack Timeline & IOCs

Timeline and IOCs for TeamPCP's March 2026 supply chain campaign. Trivy, KICS, LiteLLM, and 45+ npm packages compromised through chained credential theft.