TeamPCP, linked to the Trivy breach, has compromised Telnyx's Python SDK on PyPI with malicious versions containing infostealer malware, marking the second major Python package poisoning incident in recent months.
The cybercrime group behind the recent Trivy supply-chain compromise has struck again, this time targeting the Python Package Index (PyPI) with malicious versions of the Telnyx SDK. The attack, attributed to TeamPCP, represents the second major Python package poisoning incident in recent months and highlights the ongoing vulnerabilities in open-source software distribution channels.
Malicious Telnyx Package Versions
According to security researchers at Ox Security, TeamPCP compromised the PyPI distribution of Telnyx's Python SDK, replacing legitimate package versions with malicious releases loaded with multi-stage infostealer malware and persistence mechanisms. The attack specifically targeted versions 4.87.1 and 4.87.2 of the Telnyx package.
The malware's installation method differs from the previous LiteLLM attack. While the LiteLLM compromise embedded malicious code directly within the package files, the Telnyx malware downloads its payload in the form of a .wav audio file that gets decoded and executed on the target machine. This approach makes the malicious activity less obvious to developers who might be examining the package contents.
Telnyx confirmed the incident, stating that only its Python package was affected and that none of its infrastructure, networking, or other services were compromised. However, the company warned that anyone who installed the malicious versions should treat their environment as compromised and rotate any exposed credentials.
With over 34,000 weekly downloads on PyPI, the potential impact of this supply-chain attack could be significant, affecting numerous developers and services before the malicious packages were removed.
The Broader Supply Chain Threat
This attack follows the February 2025 compromise of the Trivy vulnerability scanner, which led to malicious LiteLLM packages appearing on PyPI. TeamPCP, the group researchers link to both incidents, demonstrates a pattern of targeting popular open-source projects to distribute credential-stealing malware through trusted channels.
The attacks exploit the fundamental trust model of package repositories like PyPI, where developers assume packages are legitimate unless proven otherwise. By compromising the distribution channel itself, attackers can reach thousands of victims through a single successful breach.
Related Cybersecurity Developments
In related security news, Hambardzum Minasyan, an Armenian national allegedly involved in the RedLine infostealer operation, was extradited to the United States last week. Minasyan faces charges including conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act, and conspiracy to commit money laundering. If convicted on all charges, he could face up to 30 years in prison.
The RedLine infostealer has been one of the most prolific malware families in recent years, targeting credentials, cryptocurrency wallets, and other sensitive information from infected systems. The arrest represents a significant law enforcement victory, though the alleged mastermind behind RedLine, Maxim Rudometov, remains at large with a $10 million US bounty on his head.
EU Digital Services Act Enforcement
The European Commission has initiated enforcement actions under the Digital Services Act (DSA), targeting both mainstream platforms and adult content providers. Snapchat faces investigation for potentially insufficient age-assurance measures, while Pornhub, Stripchat, XNXX, and XVideos received preliminary findings of DSA violations for failing to implement effective age-verification systems.
The Commission's actions highlight the growing regulatory focus on protecting minors online and ensuring platforms implement adequate safeguards. The preliminary findings give the affected companies an opportunity to respond before potential penalties are imposed.
Healthcare Sector Under Attack
The LAPSUS$ cybercrime group has released 2.66 GB of data allegedly stolen from pharmaceutical giant AstraZeneca. Security researchers at SOCRadar warn that if the claims are verified, this could become one of the more serious healthcare cyber incidents of 2026.
The stolen data reportedly includes internal code repositories, access-related information, cloud and infrastructure references, and employee records. Such comprehensive data exposure could enable follow-on intrusions, targeted phishing campaigns, and supply chain attacks against AstraZeneca and its partners.
Advances in AI Security Research
In a positive development for cybersecurity, researchers at Oak Ridge National Laboratory have created Photon, an exascale AI model vulnerability detection system. The tool can explore, discover, and exploit AI vulnerabilities at scale by applying known attacks and refining them based on results while simultaneously searching for new weaknesses.
Testing on the lab's Frontier supercomputer demonstrated that Photon can maintain 95 percent resource utilization across 1,920 GPUs while scaling without loss of computational efficiency. While such capabilities remain limited to supercomputing facilities for now, the research represents a significant advance in AI security testing methodologies.
These developments underscore the ongoing arms race in cybersecurity, where attackers continually find new ways to exploit trusted systems while defenders develop increasingly sophisticated tools to identify and mitigate threats. The PyPI attacks serve as a reminder that even widely-used open-source packages can become vectors for malware distribution, requiring developers to remain vigilant about the software they incorporate into their projects.
Comments
Please log in or register to join the discussion