TeamPCP Compromises Telnyx Python SDK in Supply Chain Attack

Severity: High (Score: 72.8)

Sources: Reddit, Cybersecuritynews, Feeds2.Feedburner, Digital.Nhs.Uk, Tipranks

Summary

On March 27, 2026, the TeamPCP threat group compromised the Telnyx Python SDK on PyPI, releasing malicious versions 4.87.1 and 4.87.2. This attack follows previous campaigns targeting Trivy and LiteLLM, utilizing stolen maintainer credentials to publish trojanized packages. The malicious payload, which employs WAV audio file steganography, is designed to exfiltrate sensitive information, including SSH keys and bash history. Security researchers from Socket and Endor Labs confirmed the attack, emphasizing that the malicious code executes upon installation. The compromised packages have been quarantined by PyPI, and organizations are urged to rotate credentials and monitor for indicators of compromise. The convergence of supply chain attacks with ransomware-as-a-service models marks a significant escalation in cyber threats. This incident highlights the urgent need for enhanced security measures in software supply chains.

Key Points:

  • TeamPCP compromised the Telnyx SDK on PyPI, releasing malicious versions 4.87.1 and 4.87.2.
  • The attack uses stolen maintainer credentials, allowing the injection of credential-stealing malware.
  • Organizations must rotate credentials and monitor for indicators of compromise immediately.

Key Entities

  • Malware (attack_type)
  • Supply Chain Attack (attack_type)
  • Checkmarx (company)
  • NHS England (company)
  • Telnyx (company)
  • CVE-2026-33017 (cve)
  • CVE-2026-33634 (cve)
  • models.litellm.cloud (domain)
  • sans.org (domain)
  • 83.142.209.203 (ipv4)
  • ContainerWorm (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1021 - Remote Services (mitre_attack)
  • T1027 - Obfuscated Files Or Information (mitre_attack)
  • T1036 - Masquerading (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • Linux (platform)
  • macOS (platform)
  • PyPI (platform)
  • Windows (platform)
  • Vect Ransomware Group (ransomware_group)
  • LiteLLM (tool)
  • Python (tool)
  • Trivy (tool)