Last updated 2 weeks ago
Telnyx, a communications technology company, experienced a supply chain attack through its Python package repository. The malicious versions 4.87.1 and 4.87.2 were published to the Python Package Index on March 27, 2026, with the attack targeting users who installed these compromised packages. The incident represents a continuation of TeamPCP's campaign against software supply chains.
The attack involved two malicious versions of the telnyx Python package that concealed credential harvesting functionality within a .WAV audio file. TeamPCP, previously responsible for attacks against Trivy, KICS, and litellm software projects, executed this supply chain compromise to steal sensitive data from affected systems. The malicious packages were designed to exfiltrate credentials and other sensitive information from compromised environments.
No post-incident developments regarding regulatory actions, litigation, ransom payments, or containment milestones were reported in the available information.
Threat actor pushed two malicious versions of the telnyx Python package to PyPI that concealed credential harvesting capabilities within a .WAV file
This attack demonstrates the critical vulnerability of software supply chains when package repositories lack robust integrity verification mechanisms. The incident highlights how threat actors can exploit trusted distribution channels like PyPI to distribute malicious code that evades traditional detection methods through steganographic techniques like hiding payloads in WAV files.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector
Threat Actor
Continent
Country
Industry
Attack Vector
Threat Actor