{"id":229285,"date":"2026-03-27T11:06:00","date_gmt":"2026-03-27T15:06:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/27\/teampcp-targets-telnyx-package-in-latest-software-supply-chain-attack\/"},"modified":"2026-03-30T14:30:31","modified_gmt":"2026-03-30T18:30:31","slug":"teampcp-targets-telnyx-package-in-latest-software-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/27\/teampcp-targets-telnyx-package-in-latest-software-supply-chain-attack\/","title":{"rendered":"TeamPCP Targets Telnyx Package in Latest Software Supply Chain Attack"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/teampcp-targets-telnyx-pypi-package\/\">TeamPCP Targets Telnyx Package in Latest Software Supply Chain Attack<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/teampcp-targets-telnyx-pypi-package\/\">https:\/\/www.infosecurity-magazine.com\/news\/teampcp-targets-telnyx-pypi-package\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-27 11:06:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>TeamPCP has again expanded its supply chain attacks on open-source repositories by targeting \u00a0Telnyx, according to security researchers.<\/p>\n<p>The cyber threat group recently rose to notoriety by uploading malicious packages to Python Package Index (PyPI), the official online repository where developers share and download Python software packages. The group typically uses typosquatting to trick developers into downloading them.<\/p>\n<p>In one campaign, the group targeted Trivy, a widely used open-source vulnerability scanner owned by Aqua Security, by injecting credential-stealing malware into official releases and GitHub Actions.<\/p>\n<p>A few days later, researchers discovered TeamPCP targeted LiteLLM AI Gateway, a popular Python library for AI model integration.<\/p>\n<p>Now, a third TeamPCP campaign has been identified which affects the Telnyx Python package on PyPI and leads to the delivery of credential-stealing malware.<\/p>\n<p>Telnyx is a cloud communications platform that provides application programming interfaces (APIs) for phone calls, SMS, MMS and other telecom services.<\/p>\n<h2><strong>TeamPCP\u2019s Telnyx Compromise Campaign Explained<\/strong><\/h2>\n<p>On March 27, researchers from both Socket and Endor Labs published findings revealing that the official Telnyx Python software development kit (SDK) had been compromised in a software supply chain attack.<\/p>\n<p>Socket researchers identified that the telnyx package, a legitimate and widely used Python SDK for the Telnyx communications platform, had been tampered with. The malicious versions published to PyPI \u2013 versions 4.87.1 and 4.87.2 \u2013 contained code designed to exfiltrate sensitive information from victim environments.<\/p>\n<p>\u201cThey should not be used,\u201d warned the Socket Research Team, whose members confirmed that\u00a0 researchers at Aikido Security and Wiz, now part of Google Cloud, independently came to the same conclusions.<\/p>\n<p>Socket found that the attacker had injected functionality to steal SSH private keys and bash history files from compromised systems, sending&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/teampcp-targets-telnyx-pypi-package\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>TeamPCP Targets Telnyx Package in Latest Software Supply Chain Attack https:\/\/www.infosecurity-magazine.com\/news\/teampcp-targets-telnyx-pypi-package\/ Publish Date: 2026-03-27 11:06:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":229286,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/dd189dfc-c505-4038-ab38-5d0a035f2de0.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,32,27],"class_list":["post-229285","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229285"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=229285"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229285\/revisions"}],"predecessor-version":[{"id":229287,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229285\/revisions\/229287"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/229286"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=229285"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=229285"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=229285"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}