Two versions of the telnyx Python package, 4.87.1 and 4.87.2, published to PyPI on March 27, 2026, were found to contain malicious code. The package is downloaded more than a million times a month, so the compromise is a high-impact supply-chain attack. The injected payload fetches a second-stage binary concealed inside WAV audio files on a remote server; on Windows it installs a persistent executable, while on Linux/macOS it harvests credentials.
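The first thing a practitioner wants after reading a report like this is a quick answer to "is my environment pinned to one of the two bad releases?". The script below is an added example, not code from the LWN article, from Telnyx, or from the malicious package; the only facts it takes from the report are the package name and the two version numbers. It scans `pip freeze` / requirements-style lockfile lines for exact pins of those versions (assumed format; ranges such as `>=4.87` are deliberately not resolved, since that needs the index) and separately checks the interpreter it runs in via `importlib.metadata`. The sample lockfile is constructed for illustration.

```python
"""Flag pins of the telnyx releases reported as malicious (4.87.1, 4.87.2).

Added example, not code from the LWN report or from Telnyx. Package name
and version numbers come from the report; the requirements.txt / `pip
freeze` "name==version" format handled here is an assumption about the
reader's environment.
"""
from __future__ import annotations

import re
from importlib import metadata

AFFECTED_PACKAGE = "telnyx"
AFFECTED_VERSIONS = frozenset({"4.87.1", "4.87.2"})

# Matches an exact pin such as "Telnyx[async]==4.87.1  # comment", tolerating
# case, extras, surrounding whitespace and trailing comments, markers, or a
# line-continuation backslash. Only "==" pins are considered.
_PIN_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*==\s*"
    r"(?P<version>[^\s;#\\]+)"
)


def normalize_name(name: str) -> str:
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def pinned_version(line: str) -> tuple[str, str] | None:
    """Return (normalised name, version) for an exact pin, else None."""
    m = _PIN_RE.match(line)
    if not m:
        return None
    return normalize_name(m.group("name")), m.group("version")


def affected_pins(lines) -> list[tuple[int, str]]:
    """Return (line_number, version) for every line pinning an affected telnyx release."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        pin = pinned_version(line)
        if pin and pin[0] == AFFECTED_PACKAGE and pin[1] in AFFECTED_VERSIONS:
            hits.append((lineno, pin[1]))
    return hits


def installed_status() -> str | None:
    """Version of telnyx installed in this interpreter, or None if it is absent."""
    try:
        return metadata.version(AFFECTED_PACKAGE)
    except metadata.PackageNotFoundError:
        return None


def installed_is_affected() -> bool:
    return installed_status() in AFFECTED_VERSIONS


# Constructed sample lockfile for illustration; not taken from any real project.
SAMPLE_LOCK = """\
requests==2.32.3
Telnyx[async]==4.87.1  # pinned 2026-03-27
telnyx>=4.80
numpy==1.26.4 \\
    --hash=sha256:deadbeef
telnyx==4.87.2
telnyx==4.86.0
"""

if __name__ == "__main__":
    for lineno, version in affected_pins(SAMPLE_LOCK.splitlines()):
        print(f"line {lineno}: telnyx=={version} is a reported-malicious release")
    current = installed_status()
    if current is None:
        print("telnyx is not installed in this interpreter")
    else:
        verdict = "AFFECTED" if current in AFFECTED_VERSIONS else "not in the affected set"
        print(f"installed telnyx {current}: {verdict}")
```

Run it against a real lockfile with `affected_pins(open("requirements.txt").read().splitlines())`; a hit on the pinned version does not by itself prove the malicious files were installed, but it is the cue to rebuild the environment from a clean release and treat credentials on the affected hosts as exposed.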

From lwn.net