• Major compromise of the telnyx PyPI library could put millions of

    From TechnologyDaily@1337:1/100 to All on Monday, March 30, 2026 16:30:31
    Major compromise of the telnyx PyPI library could put millions of users at risk

    Date:
    Mon, 30 Mar 2026 15:15:00 +0000

    Description:
    TeamPCP strikes again, with almost identical code to LiteLLM.

    FULL STORY ======================================================================

    JFrog reports Telnyx PyPI package was poisoned with malware by TeamPCP
    Malicious update delivered hidden .wav payload that deployed infostealer and persistence mechanisms
    Users advised to downgrade, block C2 communication, rotate credentials, and scan for persistence

    Telnyx, a popular PyPI package providing real-time communication features, was recently poisoned and used to serve malware to its users, experts have warned.

    A report from security researchers JFrog, along with other independent security experts, notes that Telnyx is a cloud platform that lets developers add real-time comms features, like voice and messaging, to apps. It provides APIs and tools for building solutions such as calling systems and SMS-based services. The package has been downloaded millions of times already, and according to JFrog, it's had more than 670,000 downloads just this month, acting as an alternative to Twilio, sometimes picked because of its asynchronous httpx support and cost efficiency in high-concurrency environments.

    Two poisoned versions

    However, telnyx was recently updated, with two new versions hitting PyPI: 4.87.1 and 4.87.2. Those that upgraded their packages were then served a normal audio file (.wav) from the internet, which the script extracts and decodes.

    The malicious code hiding inside is used to establish persistence on the target device and deploy a stage-two malware that acts as an infostealer, grabbing data from the device such as login credentials and system information.

    The attack was carried out by a hacking collective calling itself TeamPCP. This group has been making headlines recently, when it managed to compromise another major Python package called LiteLLM.

    Now, researchers observed almost identical code in telnyx, saying they're not yet sure how the maintainer's PyPI account got compromised.
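
    A requirements-style file or `pip freeze` output can be checked line by line for the two poisoned releases named above. This is an added example, not code from JFrog or the article; the sample file, the function names and the 'poisoned' / 'at-risk' / 'ok' labels are assumptions, and only plain numeric versions are handled.

```python
import re

# Package name and version numbers are the ones the article reports as poisoned.
PACKAGE, POISONED = "telnyx", ("4.87.1", "4.87.2")
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_SPEC = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([0-9][0-9A-Za-z.*+!-]*)")

SAMPLE = """\
# constructed sample requirements file, not taken from a real project
httpx==0.27.0
Telnyx==4.87.2
telnyx>=4.80,<5   # range that admits both poisoned releases
telnyx==4.87.0
"""

def _key(version):
    # Numeric release tuple; assumes plain X.Y.Z versions (no pre-release tags).
    return tuple(int(p) for p in re.findall(r"\d+", version.split("+")[0]))

def _admits(op, ref, version):  # does the specifier "op ref" allow version?
    v = _key(version)
    if ref.endswith(".*"):                      # prefix match, e.g. ==4.87.*
        hit = v[:len(_key(ref))] == _key(ref)
        return hit if op == "==" else not hit
    r = _key(ref)
    if op == "~=":                              # compatible release
        return v >= r and v[:len(r) - 1] == r[:-1]
    return {"==": v == r, "===": v == r, "!=": v != r, ">=": v >= r,
            "<=": v <= r, ">": v > r, "<": v < r}[op]

def classify(line):
    """'poisoned' = exact pin, 'at-risk' = specifier admits one, else 'ok'."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()
    m = _REQ.match(line)
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != PACKAGE:
        return "ok"
    specs = _SPEC.findall(m.group(2))
    if not any(all(_admits(op, ref, v) for op, ref in specs) for v in POISONED):
        return "ok"
    exact = any(op in ("==", "===") and "*" not in ref for op, ref in specs)
    return "poisoned" if exact else "at-risk"

def scan(text):
    """Return [(line_no, verdict, line)] for every line that is not 'ok'."""
    rows = ((n, classify(l), l.strip()) for n, l in enumerate(text.splitlines(), 1))
    return [row for row in rows if row[1] != "ok"]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

    An 'at-risk' line only means the specifier would have allowed a poisoned release; the version actually installed still has to be confirmed from the environment or lock file.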

    In any case, the .wav payload and the URL hosting it are now offline. Those who installed the poisoned versions should downgrade to the clean version, block all C2 address communication, and then revoke and rotate all credentials. Then, they should scan for additional persistence, to make sure the compromise has been fully addressed.

    Protecting WordPress websites

    As a platform, WordPress is generally considered safe and without known major vulnerabilities. However, it operates a vast repository of third-party, user-built themes and plugins, split into free and premium categories. The latter ones usually come with a dedicated maintenance and development team and as such are regularly updated and hardened against attacks.

    The free ones, on the other hand, are often built by enthusiasts, small teams, and freelance developers. Many of them are abandoned, unmaintained, or otherwise poorly managed, despite being popular among the users. As such, they create a huge security risk on one end, and attack opportunity on the other.

    As a general rule of thumb, security researchers advise WordPress users to keep their platform, themes, and plugins updated at all times. Furthermore, they suggest users only keep installed those themes and plugins they actively use and make sure to replace any default security and privacy settings.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/major-compromise-of-the-telnyx-pypi-library-could-put-millions-of-users-at-risk


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)