TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

By rooter

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data.
The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

rooter
Cyber Security

China Upgrades the Backdoor It Uses to Spy on Telcos Globally

rooter
Cyber Security

Wartime Usage of Compromised IP Cameras Highlight Their Danger

rooter

Leave a Reply

You Missed

News

Marvel Just Put ‘Daredevil: Born Again’ Season 2 in a Very Weird Place in the MCU Timeline

News

The White House has an app now, and Trump wants you to report people to ICE on it

News

Trump Drops $1B to Kill 2 Wind Farms, Then Watches a Bigger One Go Online

News

Wait, the Trump phone might actually exist