TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data.
The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are

Source

What's Hot

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities

Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials

Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

Our Picks

Why LinkedIn is a hunting ground for threat actors – and how to protect yourself

How cybercriminals are targeting content creators

Is Poshmark safe? How to buy and sell without getting scammed

Subscribe to Updates

What's Hot

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Related Posts

Subscribe to Updates