Telnyx package compromised on PyPI(telnyx.com)
58 points by ramimac 13 hours ago | 10 comments

https://github.com/team-telnyx/telnyx-python/issues/235

https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-...

ramimac 13 hours ago | parent | next [-]

We haven't blogged this yet, but a variety of teams found this in parallel.

The packages are quarantined by PyPI.

Follow the overall incident: https://ramimac.me/teampcp/#phase-10

Aikido/Charlie with a very quick blog: https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-...

ReversingLabs and JFrog also made parallel reports.

Scaevolus an hour ago | parent | next [-]

I'm glad there are many teams with automated scans of PyPI and npm running. It elevates the challenge of making a backdoor that can survive for any length of time.

Imustaskforhelp 10 hours ago | parent | prev [-]

Ramimac, has there been any action on having the C2 server's IP address blacklisted?

The blast radius of TeamPCP just keeps on increasing...

6thbit an hour ago | parent | prev | next [-]

So both this and litellm went straight to PyPI without going to GitHub first.

Is there any way to set up PyPI to only publish packages that come from a certain pattern of tag that exists in GH? Would such a measure help at all here?

aniceperson 35 minutes ago | parent [-]

Don't have the token on your hands. Use OIDC ideally, or make sure to set it up carefully as a repository secret. Ensure the workflow runs with read-only permissions in a minimal-dependency environment. The issue with OIDC is that it does not work with nested workflows because GitHub does not propagate the claims.

deathanatos an hour ago | parent | prev | next [-]

> The Telnyx platform, APIs, and infrastructure were not compromised. This incident was limited to the PyPI distribution channel for the Python SDK.

Am I being too nitpicky to say that that is part of your infrastructure?

Doesn't 2FA stop this attack in its tracks? PyPI supports 2FA, no?

kelvinjps10 an hour ago | parent | prev | next [-]

I received an email from them about the vulnerability, but I don't remember ever using them.

spocchio 2 hours ago | parent | prev | next [-]

Is there anyone who uses it? I see their repo's Initial Commit was on Jan 2026... quite a new package! Also, the number of GitHub stars and forks is quite low.

Does the package have a user base, or did the malicious team target one of the many useless GitHub repos?

KomoD an hour ago | parent [-]

> I see their repo's Initial Commit was on Jan 2026... quite a new package!

That's incorrect; the repo and package date back to 2019.

anthk 20 minutes ago | parent | prev [-]

The Guix PM in this context can create an isolated environment and import PyPI packages for you, adapted into Guix Scheme manifest files. Not just Python: Perl, Ruby, Node... If you have to use dangerous or proprietary environments for the enterprise (not for personal computing), at least isolate them so the malware doesn't spread.