TeamPCP, the group linked to the Trivy supply-chain compromise, has struck again by poisoning the Telnyx Python SDK on PyPI with a multi-stage infostealer. Versions 4.87.1 and 4.87.2 are malicious — the malware downloads a disguised .wav file that executes credential-stealing code. Telnyx has removed the malicious packages, but with 34,000+ weekly downloads, many developers may be affected. The roundup also covers: an alleged RedLine infostealer operator extradited to the US, EU DSA probes into Snapchat and porn platforms over minor protection failures, LAPSUS$ releasing 2.66 GB of alleged AstraZeneca data, and Oak Ridge National Laboratory's exascale AI vulnerability detection framework called Photon.
Table of contents
Snapchat, porn platforms, put on notice for DSA violationsLAPSUS$ spills alleged AstraZeneca dataUS National Lab creates exascale AI model vulnerability detectorSort: