TeamPCP continues its supply chain compromise rampage, with Telnyx on PyPI being the latest maliciously modified package. This incident highlights ongoing threats to software supply chains. Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service, making it a high-value target for attackers.
According to Endor Labs researchers, attackers backdoored the legitimate SDK code. They then published versions 4.87.1 and 4.87.2 of the compromised package on the Python Package Index (PyPI), releasing one shortly after the other. Interestingly, the malicious code wasn’t functional in the first version.
