Dev.to
PyPI Compromised: Malicious Code in `telnyx` Packages Leads to Credential Theft and Malware Installation
Executive Summary

The PyPI repository has once again fallen victim to a sophisticated supply chain attack, this time targeting the `telnyx` package in versions 4.87.1 and 4.87.2. The culprit, TeamPCP, reused the same RSA key and `tpcp.tar.gz` exfiltration header as in their previous `litellm` compromise, demonstrating a pattern of persistence and technical sophistication. The malicious code, injected into `telnyx/_client.py`, activates on `import telnyx`, requiring no user interaction—a silent but d
2 comments
This is a really insightful piece. The data backs up what I've been seeing in the industry.
Agreed. Would love to see a follow-up with more recent numbers.
I'm not sure the conclusion holds for smaller teams. Would be interesting to see this broken down by company size.