Popular telnyx package compromised on PyPI by TeamPCP
The popular telnyx packageon PyPI, used by big AI companies, has been compromised by TeamPCP Category: Vulnerabilities & Threats
Read the full articleYou might also wanna read
Compromised telnyx on PyPI: WAV Steganography and Credential Theft
Analysis of malicious telnyx 4.87.1 and 4.87.2 on PyPI — a package with over 1 million monthly downloads: injected code uses WAV audio stega
LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
On March 24 and 27, 2026, malicious PyPI releases of LiteLLM and Telnyx were published as part of the TeamPCP supply chain campaign. We trac
PyPI Package 'Lightning' Compromised in Supply Chain Attack Affecting AI/ML Developers
The PyPI package lightning was compromised in versions 2.6.2 and 2.6.3 with Mini Shai-Hulud themed malicious code to execute credential-stea
PyPI Supply Chain Attacks Expand: New Malicious Packages Target Bioinformatics and MCP Developers
Newer packages in this compromise use native extensions and .pth loaders to execute JavaScript stealers in developer environments.
TeamPCP Supply Chain Attack: The npm Worm That Hit GitHub, OpenAI, and Mistral AI
Between May 11 and May 19, 2026, a threat actor called TeamPCP poisoned 170+ npm/PyPI packages, hijacked a VS Code extension with 2.2M insta
Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages
Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mi

Comments
Sign in to join the conversation.
No comments yet. Be the first.