cybersecurity

6015 readers

22 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks

tweedge

The telnyx packages on PyPI have been compromised (lwn.net)

submitted 4 days ago* (last edited 4 days ago) by cm0002@europe.pub to c/cybersecurity

0 comments fedilink hide all child comments

The SafeDep blog reports that compromised versions of the telnyx package have been found in the PyPI repository:

Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, 2026 contain malicious code injected into telnyx/_client.py. The telnyx package averages over 1 million downloads per month (~30,000/day), making this a high-impact supply chain compromise. The payload downloads a second-stage binary hidden inside WAV audio files from a remote server, then either drops a persistent executable on Windows or harvests credentials on Linux/macOS.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here