TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

The Hacker News
Actively Exploited

Overview

TeamPCP, a group known for supply chain attacks, has targeted the Telnyx Python package by releasing two malicious versions (4.87.1 and 4.87.2) on March 27, 2026. These versions, published to the Python Package Index (PyPI), are designed to steal sensitive user data and hide their credential-stealing functionality inside .WAV files. The incident poses a significant risk to developers and organizations that rely on the Telnyx package in their applications, as it can lead to unauthorized access to sensitive data. Users who downloaded these versions may have unknowingly exposed their credentials, so the community needs to act swiftly to limit the damage.

Key Takeaways

  • Active Exploitation: The compromised package is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Telnyx Python package versions 4.87.1 and 4.87.2
  • Action Required: Users should immediately remove the malicious versions of the Telnyx package and replace them with a secure version.
  • Timeline: Newly disclosed

Original Article Summary

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are

Impact

Telnyx Python package versions 4.87.1 and 4.87.2

Exploitation Status

This compromise is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should immediately remove the malicious versions of the Telnyx package and replace them with a secure version. It is also recommended to review and reset any credentials that may have been compromised.

Related Topics: This incident relates to Malware.

Related Coverage

Security Affairs newsletter Round 569 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

In a recent cybersecurity incident, the hacking group ShinyHunters has claimed responsibility for breaching a European Commission group linked to Iran, known as Handala. This attack has raised concerns about the security of sensitive information and the potential implications for international relations. Additionally, the group reportedly hacked FBI Director Kash Patel’s personal data, which could expose vulnerabilities in U.S. federal cybersecurity measures. The incidents underline the ongoing risks associated with state-sponsored hacking and the need for improved defenses against such threats. As these attacks come to light, organizations and governments may need to reassess their cybersecurity protocols to protect against similar intrusions in the future.

Mar 29, 2026

BSides SF: SaaS, cloud assets vulnerable to identity-based ransomware attacks

SCM feed for Latest

At the BSides SF 2026 hacker conference, a researcher warned that Software as a Service (SaaS) and cloud assets are increasingly vulnerable to identity-based ransomware attacks. This type of attack exploits weaknesses in identity management systems, allowing attackers to gain unauthorized access and encrypt critical data. Organizations that rely on cloud services for their operations, especially those with inadequate security measures in place, are at significant risk. The researcher emphasized that as more businesses transition to these platforms, the need for robust identity protection becomes essential. Companies should prioritize enhancing their identity security protocols to mitigate these risks and protect sensitive customer information.

Mar 29, 2026

Wormsign, RSAC 2026: More auto-updating supply-chain attacks on the way

SCM feed for Latest

At the RSAC 2026 conference, researchers discussed the emergence of Shai-Hulud worms, which have taken advantage of automatic updates in open-source software repositories. They warned that these types of supply-chain attacks may become more common, posing significant risks to software integrity and security. This could affect a wide range of organizations that rely on open-source software for their operations. The implications are serious, as attackers could potentially infiltrate systems through seemingly legitimate software updates, compromising sensitive data and systems. Companies using open-source solutions need to be vigilant and implement stricter security measures to protect against these evolving threats.

Mar 29, 2026

Lloyds Group to Compensate 450,000 Customers After App Glitch

Hackread – Cybersecurity News, Data Breaches, AI and More

Lloyds Banking Group has announced plans to compensate around 450,000 customers due to a glitch in their mobile banking app that unintentionally exposed sensitive customer data. The issue arose when certain users were able to see details of other customers' accounts, including names and transaction histories. This incident raises significant concerns about data privacy and security, as affected individuals may worry about the potential misuse of their information. Lloyds is working to address the problem and ensure that such vulnerabilities are not repeated in the future. The compensation is part of their effort to regain customer trust after this security mishap.

Mar 28, 2026

Iran-linked group Handala hacked FBI Director Kash Patel’s personal email account

Security Affairs

An Iranian hacking group named Handala claims to have breached the personal email account of FBI Director Kash Patel, leaking various files and photos. The FBI has acknowledged the incident but stated that no sensitive government data was compromised in the breach. This incident raises concerns about the security of personal accounts held by high-ranking officials, as attackers may seek to exploit such information for various motives. While the FBI is aware of the situation, the lack of exposed government data may provide some reassurance, though it still points to the ongoing risks posed by state-sponsored hacking groups targeting individuals in influential positions.

Mar 28, 2026

ShinyHunters Walk Away from BreachForums, Leak 300,000-User Database

Hackread – Cybersecurity News, Data Breaches, AI and More

ShinyHunters, a notorious hacking group, has departed from BreachForums and leaked a database containing information on 300,000 users. This data breach raises alarms as ShinyHunters warns that all active domains associated with the leak are fake, suggesting that users should be cautious of phishing attempts. The group has also threatened to release more data from forum backups, indicating that the situation could worsen. Users affected by this breach may have their personal information exposed, which could lead to identity theft or other malicious activities. This incident underscores the ongoing risks associated with online forums and the potential for significant data leaks.

Mar 27, 2026