The telnyx packages on PyPI have been compromised
Date:
Fri, 27 Mar 2026 16:21:17 +0000
Description:
The SafeDep blog reports that compromised versions of the telnyx package have been found in the PyPI
repository:

Two versions of telnyx (4.87.1 and 4.87.2) published to
PyPI on March 27, 2026 contain malicious code injected into telnyx/_client.py. The telnyx package averages over 1 million
downloads per month (~30,000/day), making this a high-impact
supply chain compromise. The payload downloads a second-stage
binary hidden inside WAV audio files from a remote server, then
either drops a persistent executable on Windows or harvests
credentials on Linux/macOS.
======================================================================
Link to news story:
https://lwn.net/Articles/1065059/
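
An added example, not part of the original post or of the SafeDep report: a check of requirements.txt-style lines for the two versions named above, flagging both exact pins and version ranges that would have let a resolver pick them. The function names and the sample input are assumptions of this example, and version comparison is simplified to plain numeric X.Y.Z releases.

```python
import re
# Versions named in the report above. Everything else is this example's own.
COMPROMISED = {"telnyx": ("4.87.1", "4.87.2")}
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?([^;#\\]*)")
_SPEC = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([0-9][0-9A-Za-z.*+!-]*)")

def _norm(name):
    """PEP 503 normalisation: lower case, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def _key(version, width=6):
    """Zero-padded numeric release tuple; sufficient for plain X.Y.Z versions."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("+")[0])]
    return tuple(nums + [0] * (width - len(nums)))

def _admits(op, spec, bad):
    """True if the single clause `op spec` is satisfied by version `bad`."""
    if spec.endswith(".*"):  # prefix form, e.g. ==4.87.*
        hit = _key(bad)[:spec.count(".")] == _key(spec)[:spec.count(".")]
        return hit if op == "==" else (not hit if op == "!=" else False)
    s, b = _key(spec), _key(bad)
    if op == "~=":  # compatible release: >= spec, same prefix up to the last part
        keep = len(re.findall(r"\d+", spec)) - 1
        return b >= s and b[:keep] == s[:keep]
    return {"==": b == s, "===": bad == spec, "!=": b != s, "<=": b <= s,
            ">=": b >= s, "<": b < s, ">": b > s}[op]

def scan_requirements(text):
    """Return (line_no, version, kind) for each line that pins or admits a bad release."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = _REQ.match(line)
        if not m or _norm(m.group(1)) not in COMPROMISED or "@" in m.group(2):
            continue  # other packages, options such as --hash, direct URL references
        clauses = _SPEC.findall(m.group(2))
        exact = any(op in ("==", "===") and "*" not in v for op, v in clauses)
        for bad in COMPROMISED[_norm(m.group(1))]:
            if all(_admits(op, v, bad) for op, v in clauses):
                findings.append((no, bad, "pinned" if exact else "range-allows"))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
requests==2.32.3
Telnyx==4.87.1 \\
    --hash=sha256:<placeholder>
telnyx>=4.80,<4.87.2  ; python_version >= "3.9"
telnyx~=4.86.0
"""
```

A "range-allows" finding means the line did not exclude the version, not that it was installed; the installed version still has to be checked in the environment itself.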
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)