Telnyx package compromised on PyPI

Coordinated PyPI supply chain attack hits Telnyx SDK, Trivy, Checkmarx, and LiteLLM—tools critical to AI/ML and security engineering—in six-hour window before detection.

Saturday, March 28, 2026, 12:00 PM UTC. Source: Hacker News. By sys://pipeline.

Two malicious versions of the Telnyx Python SDK (4.87.1 and 4.87.2) were published to PyPI on March 27, 2026, and were live for ~6 hours before quarantine. This is part of a broader supply chain campaign that also hit Trivy, Checkmarx, and LiteLLM — tools commonly used by AI/ML and security engineers. Developers who installed the package in that window should treat their environment as compromised and rotate all secrets.
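A check a developer can run against a requirements file, pip freeze output, or the current environment, as an added example that is not from the article or from Telnyx: it flags exact pins on the two compromised releases named above and marks unpinned or range specs for manual review, since those could have resolved to a bad version during the six-hour window. The sample input is constructed; only the package name and the two version numbers come from the advisory.

```python
import re
from importlib import metadata
from typing import Dict, List, Optional

# Package and release numbers as stated in the advisory above.
PACKAGE = "telnyx"
COMPROMISED_VERSIONS = {"4.87.1", "4.87.2"}

# One requirement per line: "name==ver", "name[extra]>=ver", bare "name"; comments and blanks skipped.
_REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(===|==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)"
)


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def classify_line(line: str) -> Optional[str]:
    """Return 'compromised', 'unpinned' or None for one requirements / pip-freeze line."""
    m = _REQ_RE.match(line)
    if not m or normalize(m.group(1)) != PACKAGE:
        return None
    op, ver = m.group(2), m.group(3)
    if op in ("==", "==="):
        return "compromised" if ver in COMPROMISED_VERSIONS else None
    # A range or bare name could have resolved to 4.87.1/4.87.2 if installed in the window.
    return "unpinned"


def scan_requirements(text: str) -> Dict[str, List[int]]:
    """Map each verdict to the 1-based line numbers that produced it."""
    hits: Dict[str, List[int]] = {"compromised": [], "unpinned": []}
    for n, line in enumerate(text.splitlines(), 1):
        verdict = classify_line(line)
        if verdict:
            hits[verdict].append(n)
    return hits


def installed_is_compromised() -> Optional[bool]:
    """Check the telnyx version installed in this interpreter; None if it is not installed."""
    try:
        return metadata.version(PACKAGE) in COMPROMISED_VERSIONS
    except metadata.PackageNotFoundError:
        return None


# Constructed sample (not from the page): a pip-freeze style snippet to demonstrate the scan.
SAMPLE = """requests==2.32.3
Telnyx==4.87.2   # exact pin on a compromised release
telnyx>=4.80     # range spec: could have pulled a bad release in the window
telnyx_sdk==1.0  # different package after normalisation, not flagged
"""

if __name__ == "__main__":
    print(scan_requirements(SAMPLE))  # {'compromised': [2], 'unpinned': [3]}
    print(installed_is_compromised())
```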