RSS
Last updated: May 13, 2026 at 5:42 AM UTC
All 208 Vulnerability 72 Breach 41 Threat 88 Defense 7
Tag: teampcp (12 articles)Clear
threat
2026-03-27

TeamPCP compromises Telnyx Python SDK on PyPI - malware hidden inside sound files

Hackers compromised the Telnyx Python SDK on PyPI and hid malware inside .wav sound files - disguised as audio to bypass security scanners. Versions 4.87.1 and 4.87.2 were poisoned - just importing the package triggers the attack. It grabs SSH keys, cloud credentials, and can hijack Kubernetes clusters. The malicious versions were live for about 6 hours before PyPI quarantined them.

teampcptelnyxpypisupply-chainpython
Check
Audit your Python environments for the Telnyx package.
Affected
telnyx 4.87.1 and 4.87.2 on PyPI.
Fix
Downgrade to telnyx 4.87.0. Rotate all credentials on any system that ran the poisoned versions.
threat
CVE-2026-33634
2026-03-27

TeamPCP's 9-day supply chain rampage - Trivy to LiteLLM to Checkmarx to Telnyx

One group, four major compromises, nine days. TeamPCP started by backdooring Aqua Security's Trivy vulnerability scanner on March 19 - then used the stolen CI/CD credentials to poison LiteLLM, Checkmarx tools, and Telnyx one after another. Each compromised tool handed them the keys to the next target. They've now partnered with the Vect ransomware gang to turn stolen access into extortion.

teampcpsupply-chaintrivylitellmcheckmarxtelnyxpypiransomware
Check
Audit any CI/CD pipeline that used Trivy, LiteLLM, or Telnyx between March 19-27.
Affected
Trivy (compromised tags March 19), LiteLLM 1.82.7-1.82.8, Checkmarx KICS GitHub Actions (March 23), Telnyx 4.87.1-4.87.2.
Fix
Pin all open-source dependencies to exact versions. Rotate all credentials exposed in affected pipelines. Treat affected environments as fully compromised.