TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware

Help Net Security
Actively Exploited

Overview

Researchers at Endor Labs have reported that the TeamPCP group has compromised the Telnyx package on the Python Package Index (PyPI). Versions 4.87.1 and 4.87.2 of the Telnyx SDK, which is used for the Telnyx AI Voice Agent service, were modified to include malicious code. The first version contained non-functional malicious code, while the second version may pose a greater risk. This incident highlights the ongoing risks associated with supply chain attacks, where attackers modify legitimate software to distribute malware. Developers and organizations using this SDK should be vigilant and consider removing or updating their versions immediately to mitigate any potential threats.

Key Takeaways

  • Active Exploitation: The backdoored releases are being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Telnyx SDK versions 4.87.1 and 4.87.2 on PyPI
  • Action Required: Remove or update the Telnyx SDK to the latest secure version.
  • Timeline: Newly disclosed

Original Article Summary

TeamPCP continues its supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Labs researchers, attackers backdoored the legitimate SDK code and published versions 4.87.1 and 4.87.2 of the package on the Python Package Index (PyPI), one shortly after the other. The malicious code wasn’t functional in the first version …

Impact

Telnyx SDK versions 4.87.1 and 4.87.2 on PyPI

Exploitation Status

The backdoored releases are confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize removing or updating the affected versions immediately.

Timeline

Newly disclosed

Remediation

Remove or update the Telnyx SDK to the latest secure version.
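To find where the affected releases are in use, the following added example (not code from the article, Endor Labs or Telnyx) checks a requirements-style file and the current Python environment for telnyx 4.87.1 or 4.87.2. The sample requirements text is constructed, and the helper names are hypothetical.

```python
import re
from importlib import metadata

PACKAGE = "telnyx"
AFFECTED = {"4.87.1", "4.87.2"}  # versions named in the article
# name, optional [extras], then the specifier up to an env marker or comment
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")

def _normalize(name):
    return re.sub(r"[-_.]+", "-", name).lower()  # PEP 503 name normalization

def check_requirements(text):
    """Return (line_no, status, line) for each telnyx requirement line."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "-")):  # comments, -r/-e options
            continue
        m = _REQ.match(line)
        if not m or _normalize(m.group(1)) != PACKAGE:
            continue
        spec = m.group(2).split("--")[0].strip()  # drop trailing --hash options
        pin = re.fullmatch(r"===?\s*([^\s,*]+)", spec)  # exact pin, no wildcard
        if pin is None:
            status = "UNPINNED"  # a range may have resolved to a bad release
        elif pin.group(1) in AFFECTED:
            status = "AFFECTED"
        else:
            status = "ok"
        findings.append((no, status, line))
    return findings

def check_installed():
    """Return the installed telnyx version if it is affected, else None."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None
    return version if version in AFFECTED else None

# Constructed sample requirements file (not taken from any real project)
SAMPLE = """\
requests==2.31.0
telnyx==4.87.2
Telnyx[extra] == 4.87.1 ; python_version >= "3.9"
telnyx>=4.0
telnyx==4.86.0  # pinned
"""
if __name__ == "__main__":
    print(check_requirements(SAMPLE), check_installed())
```

An `UNPINNED` result means the file alone cannot tell which release was installed; check the resolved version in that environment or its lock file.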

