TeamPCP strikes again - telnyx 4.87.1 and...

Same actor, same RSA key, same `tpcp.tar.gz` exfiltration header as the litellm compromise last week. This time they injected into `telnyx/_client.py` \- triggers on `import telnyx`, no user interaction needed. New trick: payload is hidden inside WAV audio files using steganography to bypass network inspection. On Linux/macOS: steals credentials, encrypts with AES-256 + RSA-4096, exfiltrates to their C2. On Windows: drops a persistent binary in the Startup folder named `msbuild.exe`. They even p