TeamPCP published two malicious versions of Telnyx's official Python SDK to PyPI. The attack was set up to start automatically when the library was loaded, without any user input. PyPI quarantined these versions after about four hours, but the damage is still significant.
This event is part of a larger, fast-paced campaign by TeamPCP that has already gone after Trivy, Checkmarx, LiteLLM, and dozens of npm packages. Removing the malicious packages is not enough: backdoors stay open on infected Windows machines and Kubernetes clusters. Security teams need to rotate all exposed credentials right away, including cloud access keys, database passwords, and pipeline tokens.
To make sure that sensitive tokens never sit on filesystems where automated harvesters can easily find them, use dedicated secrets managers.
Check for hidden lock files or unexpected binaries in user startup directories on the hexastrike endpoint side.
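One way to run the startup-directory check described above, as an added example that is not part of the original article: it flags hidden `.lock` files and any file whose leading bytes mark it as a native executable, whatever its extension. The article names no specific file names, so the sample file names and the `allowlist` parameter are assumptions constructed for the demonstration.

```python
import stat
import tempfile
from pathlib import Path

# Leading bytes of native executables: Windows PE ("MZ") and Linux ELF.
EXEC_MAGIC = (b"MZ", b"\x7fELF")


def is_hidden(path: Path) -> bool:
    """Dot-prefixed name (POSIX) or the Windows 'hidden' file attribute."""
    if path.name.startswith("."):
        return True
    attrs = getattr(path.stat(), "st_file_attributes", 0)  # Windows only
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def scan_startup_dir(directory, allowlist=()):
    """Return sorted (filename, reason) findings for one startup directory."""
    findings = []
    for path in Path(directory).iterdir():
        if not path.is_file() or path.name in allowlist:
            continue
        if is_hidden(path) and path.name.lower().endswith(".lock"):
            findings.append((path.name, "hidden lock file"))
        try:
            with path.open("rb") as fh:
                head = fh.read(4)
        except OSError:
            findings.append((path.name, "unreadable, review manually"))
            continue
        # Check content, not extension, so renamed binaries are still caught.
        if head.startswith(EXEC_MAGIC):
            findings.append((path.name, "native executable"))
    return sorted(findings)


def demo():
    """Scan a constructed directory; every sample name here is made up."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "notes.txt").write_text("hello")
        Path(d, ".state.lock").write_bytes(b"")
        Path(d, "updater.dat").write_bytes(b"MZ\x90\x00rest")   # PE header, misleading extension
        Path(d, "approved.exe").write_bytes(b"MZ\x90\x00rest")  # known-good, allowlisted
        return scan_startup_dir(d, allowlist={"approved.exe"})


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

Point `scan_startup_dir` at each user's startup folder and pass the file names your own software baseline expects as the allowlist; everything it returns needs manual review.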

