Pypi

• Telnyx Python SDK Compromised on PyPI: TeamPCP Hides AES-256 Infostealer in WAV Audio Frames March 27, 2026

  TeamPCP's latest move: the official Telnyx Python SDK on PyPI was backdoored with an infostealer delivered via WAV steganography. The payload hides in audio frame data to bypass MIME-type filtering -- a technique TeamPCP first trialled five days earlier and liked enough to deploy at scale.

• LiteLLM Was in Your CI/CD Pipeline. So Was the Credential Stealer. March 25, 2026

  On March 24, 2026, LiteLLM versions 1.82.7 and 1.82.8 on PyPI were found to contain a credential-stealing payload planted by TeamPCP, the same group that compromised Trivy five days earlier. The attack is a direct downstream consequence of that breach: stolen CI/CD credentials, reused across targets.