PyPI Compromised: Malicious Code in `telnyx` Packages Leads to Credential Theft and Malware Installation

Executive Summary The PyPI repository has once again fallen victim to a sophisticated supply chain attack, this time targeting the telnyx package in versions 4.87.1 and 4.87.2 . The culprit, TeamPCP , reused the same RSA key and tpcp.tar.gz exfiltration header as in their previous litellm compromise, demonstrating a pattern of persistence and technical sophistication. The malicious code, injected into telnyx/\_client.py , activates on import telnyx , requiring no user interaction —a silent but d