
Telnyx package compromised on PyPI

Why This Matters

The recent compromise of the Telnyx Python SDK on PyPI highlights the ongoing risks in software supply chains, emphasizing the need for developers to verify package integrity and implement strict version controls. This incident underscores the importance for organizations to monitor dependencies and respond swiftly to malicious code to protect their infrastructure and data.

Key Takeaways

Summary

On March 27, 2026 at 03:51:28 UTC, two unauthorized versions of the Telnyx Python SDK were published to PyPI: versions 4.87.1 and 4.87.2. Both versions contained malicious code. Both were quarantined by 10:13 UTC the same day.

This incident is part of a broader supply chain campaign that has also affected Trivy, Checkmarx, and LiteLLM.

The Telnyx platform, APIs, and infrastructure were not compromised. This incident was limited to the PyPI distribution channel for the Python SDK.

Affected Versions

Version          Published
telnyx==4.87.1   03:51:28 UTC, March 27, 2026
telnyx==4.87.2   Shortly after

Both versions have been removed from PyPI.

Who Is Affected

You may be affected if:

You installed or upgraded the telnyx Python package between 03:51 UTC and 10:13 UTC on March 27, 2026
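
A local check for the exposure condition above, as an added example that is not from the original advisory or from Telnyx: it flags the two affected versions in the current environment and in requirements or lock file text. The function names are hypothetical, and using the METADATA file's modification time as the install time is an assumption.

```python
import re
import sys
from datetime import datetime, timezone
from importlib import metadata
from pathlib import Path

# Versions and exposure window as stated in the advisory text above.
AFFECTED = {"4.87.1", "4.87.2"}
WINDOW_START = datetime(2026, 3, 27, 3, 51, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 3, 27, 10, 13, tzinfo=timezone.utc)

# requirements/constraints style: "telnyx==4.87.1", "Telnyx[extra] == 4.87.2 --hash=..."
_REQ = re.compile(r"^\s*telnyx(?:\[[^\]]*\])?\s*===?\s*([0-9][\w.]*)", re.I | re.M)
# poetry.lock-style entries: name = "telnyx" on one line, version = "..." on the next
_LOCK = re.compile(r'name\s*=\s*"telnyx"\s*\n\s*version\s*=\s*"([^"]+)"', re.I)


def pinned_affected(text):
    """Return the affected telnyx versions pinned in requirements or lock file text."""
    found = _REQ.findall(text) + _LOCK.findall(text)
    return sorted(v for v in set(found) if v in AFFECTED)


def in_window(ts):
    """True if a timezone-aware timestamp falls inside the exposure window."""
    return WINDOW_START <= ts <= WINDOW_END


def check_installed():
    """Inspect the running interpreter's environment; None if telnyx is absent."""
    try:
        dist = metadata.distribution("telnyx")
    except metadata.PackageNotFoundError:
        return None
    # Assumption: METADATA's mtime approximates install time. It is wrong if the
    # environment was copied or restored from a cache or image afterwards.
    meta = next((f for f in (dist.files or []) if f.name == "METADATA"), None)
    path = Path(meta.locate()) if meta else None
    when = (datetime.fromtimestamp(path.stat().st_mtime, timezone.utc)
            if path and path.exists() else None)
    return {"version": dist.version, "affected_version": dist.version in AFFECTED,
            "installed_in_window": when is not None and in_window(when)}


if __name__ == "__main__":
    print("installed:", check_installed())
    for name in sys.argv[1:]:  # requirements or lock files to scan
        print(name, pinned_affected(Path(name).read_text(errors="replace")))
```

Run it with each virtual environment's own interpreter, since it only sees the environment it runs in. A clean result does not cover container images or CI caches built during the window.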
