TeamPCP, a group of cybercriminals, has been caught putting a backdoor in the Telnyx Python SDK on PyPI. Two malicious versions of the package were quietly published to the Python Package Index, but there were no matching commits in the official GitHub repository.

The malicious packages were built to steal passwords from Windows, macOS, and Linux systems that had developer tools installed. This is one of the biggest supply chain attacks on open-source developers this year. It happened just three days after TeamPCP compromised a LiteLLM AI proxy package. Users who installed the affected packages should immediately downgrade and treat any exposed systems as possibly compromised.

The impact of this attack is broad. It affected all three major operating systems, and Windows users also have to contend with a boot persistence mechanism that keeps the malware active even after a restart.

Any developer or organization that installed one of the affected versions should treat their systems as fully compromised. In addition, CI/CD pipelines should be monitored closely for unusual audio file downloads or unexpected outbound connections.
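
The mismatch noted at the top of this article, PyPI releases with no matching commits in the official GitHub repository, can be checked for mechanically. The following is an added example, not code from the article or from Telnyx; it assumes the project tags each release in git, and the package name, versions, tags and timestamps are constructed sample data.

```python
import re

# Constructed sample data (not the real Telnyx release history). The shape of
# PYPI_RELEASES mirrors the "releases" object of https://pypi.org/pypi/<name>/json.
PYPI_RELEASES = {
    "1.4.0": [{"filename": "examplepkg-1.4.0.tar.gz",
               "upload_time_iso_8601": "2025-01-10T09:00:00Z"}],
    "1.4.1": [{"filename": "examplepkg-1.4.1-py3-none-any.whl",
               "upload_time_iso_8601": "2025-02-02T11:30:00Z"}],
    "1.4.2": [{"filename": "examplepkg-1.4.2-py3-none-any.whl",
               "upload_time_iso_8601": "2025-03-01T03:12:00Z"}],
    "1.5.0rc1": [],  # version exists in the index but has no uploaded files
}
# Constructed output of `git ls-remote --tags <repo>` for the same project.
GIT_TAGS = """\
aaaa111\trefs/tags/v1.4.0
bbbb222\trefs/tags/v1.4.0^{}
cccc333\trefs/tags/release-1.4.1
"""

def normalise(version):
    """Reduce a tag name or version string to a comparable dotted form."""
    m = re.search(r"(\d+(?:\.\d+)*(?:(?:a|b|rc)\d+)?)$", version.strip().lower())
    return m.group(1) if m else None

def tagged_versions(ls_remote_output):
    """Extract normalised versions from `git ls-remote --tags` output."""
    found = set()
    for line in ls_remote_output.splitlines():
        _, _, ref = line.partition("\t")
        if not ref.startswith("refs/tags/"):
            continue
        name = ref[len("refs/tags/"):].removesuffix("^{}")  # peeled tag entry
        if (v := normalise(name)):
            found.add(v)
    return found

def untagged_releases(releases, ls_remote_output):
    """Return (version, first upload time) for releases with files but no tag."""
    tags = tagged_versions(ls_remote_output)
    flagged = []
    for version, files in releases.items():
        if not files or normalise(version) in tags:
            continue
        first = min(f["upload_time_iso_8601"] for f in files)
        flagged.append((version, first))
    return sorted(flagged, key=lambda item: item[1])

if __name__ == "__main__":
    for version, uploaded in untagged_releases(PYPI_RELEASES, GIT_TAGS):
        print(f"REVIEW: {version} uploaded {uploaded} has no matching repo tag")
```

A flagged version is a prompt for review rather than proof of tampering, since some projects publish without tagging.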
