Telnyx Python SDK Security Notice: Malicious PyPI Versions Identified (March 2026)

Telnyx identified and removed malicious Python SDK versions (4.87.1 and 4.87.2) published to PyPI. The platform was not compromised. Learn who is affected and the steps to remediate securely.

This is tied to the TeamPCP activity over the last few weeks. Previously: Trivy, KICS, LiteLLM.

I've been responding and keeping an up-to-date timeline. Sharing to help contextualize this incident:
https://ramimac.me/teampcp/#phase-10

TeamPCP Supply Chain Campaign | Attack Timeline & IOCs

Timeline and IOCs for TeamPCP's March 2026 supply chain campaign. Trivy, KICS, LiteLLM, and 45+ npm packages compromised through chained credential theft.