Telnyx Python SDK: Supply Chain Security Notice
5 hours ago
- #PyPI-security
- #Telnyx-SDK
- #supply-chain-attack
- Unauthorized versions of the Telnyx Python SDK (4.87.1 and 4.87.2) were published to PyPI on March 27, 2026, containing malicious code.
- The incident is part of a broader supply chain attack affecting other tools like Trivy, Checkmarx, and LiteLLM.
- Telnyx platform, APIs, and infrastructure were not compromised; only the PyPI distribution channel was affected.
- Affected versions were quarantined and removed from PyPI by 10:13 UTC the same day.
- Users should check their environment using 'pip show telnyx' and downgrade to version 4.87.0 if an affected version (4.87.1 or 4.87.2) is installed.
- The malicious versions used a C2 server (83.142.209.203:8080) and WAV steganography for payload delivery.
- No customer data was accessed, and the SDK has no privileged access to Telnyx infrastructure.
- Contact [email protected] for assistance or questions regarding the incident.
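
The checks in the list above can be automated. The Python below is an added example, not code from Telnyx or from the notice: it flags requirement pins to 4.87.1 or 4.87.2, reports the installed version as 'pip show telnyx' would, and searches connection logs for the C2 endpoint. The function names, sample requirement lines and log lines are constructed for illustration.

```python
import re
from importlib import metadata

# Affected versions and the C2 endpoint come from the notice above.
AFFECTED = {"4.87.1", "4.87.2"}
C2 = re.compile(r"(?<![\d.])83\.142\.209\.203:8080(?!\d)")
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")

def classify_requirement(line):
    """Return 'affected', 'unpinned' or 'ok'; None if the line is not telnyx."""
    m = _REQ.match(line)
    # PEP 503 normalization so 'Telnyx' and 'telnyx' compare equal.
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "telnyx":
        return None
    spec = m.group(2).split("--hash")[0].strip(" \t\\")
    pin = re.fullmatch(r"={2,3}\s*([0-9][^\s,]*)", spec)
    if pin is None or "*" in pin.group(1):
        return "unpinned"  # a range or bare name may have resolved to a bad release
    return "affected" if pin.group(1) in AFFECTED else "ok"

def installed_status(dist="telnyx"):
    """What 'pip show telnyx' would report for the current interpreter."""
    try:
        version = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return "not-installed", None
    return ("affected" if version in AFFECTED else "ok"), version

def c2_hits(log_lines):
    """Return log lines that mention the C2 endpoint (exact IP and port only)."""
    return [line for line in log_lines if C2.search(line)]

# Constructed sample inputs (not taken from any real project or log).
SAMPLE_REQS = [
    "requests==2.32.3",
    "Telnyx == 4.87.0  # known-good",
    "telnyx==4.87.2 --hash=sha256:<placeholder>",
    "telnyx[extra]>=4.80,<5 ; python_version >= '3.9'",
]
SAMPLE_LOGS = [
    "2026-03-27T08:41:02Z egress ALLOW tcp 10.0.4.17:51544 -> 83.142.209.203:8080",
    "2026-03-27T08:41:09Z egress ALLOW tcp 10.0.4.17:51560 -> 183.142.209.203:8080",
]

if __name__ == "__main__":
    for req in SAMPLE_REQS:
        print(f"{classify_requirement(req)!s:9} {req}")
    print("installed:", installed_status(), "c2 hits:", c2_hits(SAMPLE_LOGS))
```

Run it inside each virtual environment or container image, since `installed_status` only sees the interpreter it runs under. An 'unpinned' result means the requirement alone cannot rule out an affected release, so the installed version has to be checked.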