The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Security Boulevard

Which Came First: The System Prompt, or the RCE?

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...
Hackaday

Linux Fu: UPNP A Port Mapping Odyssey

If you’ve ever run a game server or used BitTorrent, you probably know that life is easier if your router supports UPnP ...

Python scales host microstructures that block bacterial biofilms—revealing potential for antimicrobial materials

Materials inspired by nature, or biomimetic materials, are nothing new. Scientists have designed water-resistant materials ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver ...

Point Wild Releases Free LiteLLM Vulnerability Scanner Within 24 Hours of Supply Chain Attack

New AI-powered scanner -- who-touched-my-packages -- detects zero-day malicious packages and credential exfiltration in seconds BOSTON, March 26, 2026 /PRNewswire/ -- Point Wild, a leading global ...
Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...