Telnyx Compromised on PyPI
Telnyx - a voice, SMS, and SIP platform used by a lot of developers for programmable telecom - had its Python SDK compromised on PyPI. Same attack group, TeamPCP, that hit LiteLLM earlier this week.
The payload was hidden inside a WAV file that passed MIME-type checks. Valid audio file, but the frame data contained base64-encoded malware. At runtime, the WAV gets decoded and the attacker literally runs exec(base64.b64decode(content)). Basic regex scanners catch this pattern instantly, but the attackers are counting on the window between publish and discovery.
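The detection side of that pattern, as an added example (not code from this post, from Telnyx, or from any scanner it mentions): the source check is the same regex-style match the post says catches the loader instantly, and the WAV check exploits the fact that real PCM audio spreads over all 256 byte values while smuggled base64 text stays inside a 65-character alphabet. The WAV samples and Python snippets are constructed here for the test, the 0.95 ratio threshold is my own heuristic, and `scan_tree` is a hypothetical helper for running the checks over an unpacked sdist or wheel.

```python
import base64
import io
import random
import re
import wave
from pathlib import Path

# Source pattern described in the post: exec() over a base64-decoded blob.
# Whitespace-tolerant so "exec (base64 . b64decode( x ))" is still caught.
EXEC_B64_RE = re.compile(r"exec\s*\(\s*(?:base64\s*\.\s*)?b64decode\s*\(")

# Bytes that can appear in a base64 text blob (plus CR/LF for wrapped text).
B64_BYTES = frozenset(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\r\n")


def source_has_exec_b64(src: str) -> bool:
    """True if Python source contains exec(...b64decode(...)) in any spacing."""
    return EXEC_B64_RE.search(src) is not None


def wav_frames(data: bytes) -> bytes:
    """Raw PCM bytes of the data chunk; raises wave.Error for a non-WAV file."""
    with wave.open(io.BytesIO(data), "rb") as w:
        return w.readframes(w.getnframes())


def base64_ratio(frames: bytes) -> float:
    """Fraction of frame bytes that fall in the base64 alphabet."""
    if not frames:
        return 0.0
    return sum(b in B64_BYTES for b in frames) / len(frames)


def wav_looks_like_smuggled_text(data: bytes, threshold: float = 0.95) -> bool:
    """Valid WAV whose 'audio' is almost entirely base64 characters.

    Random-looking PCM puts roughly a quarter of its bytes in the 67-byte
    alphabet; base64 text scores about 1.0. The 0.95 threshold is a heuristic.
    """
    return base64_ratio(wav_frames(data)) >= threshold


def findings_for_file(name: str, data: bytes) -> list:
    """Findings for one file, chosen by extension; an empty list means clean."""
    findings = []
    if name.endswith(".py") and source_has_exec_b64(data.decode("utf-8", "replace")):
        findings.append(f"{name}: exec(base64.b64decode(...)) pattern")
    if name.endswith(".wav"):
        try:
            if wav_looks_like_smuggled_text(data):
                findings.append(f"{name}: WAV frames are base64 text, not audio")
        except (wave.Error, EOFError):
            findings.append(f"{name}: .wav extension but not a parseable WAV")
    return findings


def scan_tree(root: str) -> list:
    """Hypothetical helper: scan an unpacked sdist/wheel directory."""
    results = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            results.extend(findings_for_file(str(path), path.read_bytes()))
    return results


def make_wav(frames: bytes) -> bytes:
    """Build a valid 8 kHz mono 16-bit WAV around the given bytes (for the constructed samples)."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(8000)
        w.writeframes(frames)
    return buf.getvalue()


# Constructed samples, not the real payload: pseudo-random PCM, and a WAV whose
# frames are the base64 of a harmless string.
_rng = random.Random(1)
BENIGN_WAV = make_wav(bytes(_rng.getrandbits(8) for _ in range(2000)))
SMUGGLED_WAV = make_wav(base64.b64encode(b"print('text hidden in the data chunk')"))
SUSPECT_PY = "content = wav_frames(open('sound.wav', 'rb').read())\nexec(base64.b64decode(content))\n"
CLEAN_PY = "data = base64.b64decode(blob)\nopen('out.bin', 'wb').write(data)\n"

if __name__ == "__main__":
    for name, data in [("clean.py", CLEAN_PY.encode()), ("loader.py", SUSPECT_PY.encode()),
                       ("tone.wav", BENIGN_WAV), ("payload.wav", SMUGGLED_WAV)]:
        print(name, findings_for_file(name, data) or "clean")
```

To audit a release before it touches an environment, fetch it without installing (`pip download --no-deps <package>==<version> -d ./audit`), unpack the archive, and point `scan_tree` at the directory. Both checks are cheap enough to run in CI on every dependency bump; the WAV heuristic is the one that still fires if the loader is reworded to dodge the regex.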
This could have been mitigated with PyPI’s Trusted Publishers - constraining package publishing to specific GitHub environments with branch protection and required approvers. Most maintainers don’t use it.
HN user TZubiri made the point that you could just use HTTP APIs directly instead of vendor SDKs. That works for simpler use cases - basic REST calls where you’re sending requests and parsing JSON. But for something like Telnyx where you’re dealing with SIP, streaming audio, real-time voice interaction - there’s a reason the SDK exists. You’re not reimplementing that with raw HTTP calls.
By far the most practical defense came from HN user mil22 - a uv config that refuses to install any package version published in the last 7 days:
[tool.uv]
exclude-newer = "7 days"

# or globally in ~/.config/uv/uv.toml
exclude-newer = "7 days"

Gives the community time to catch malware before it reaches your machine.
For pip users: version 26.0+ supports --uploaded-prior-to but you have to manually calculate the date string. Pip 26.1 (scheduled April 2026) will support ISO-8601 duration format (--uploaded-prior-to=P3D), making it as clean as uv’s version. A pip maintainer confirmed this on the HN thread.
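The same "nothing newer than N days" policy worked through by hand, as an added example that is not from the post, from uv or from pip: it computes the date string pip 26.0's --uploaded-prior-to wants, and, for pip versions without the flag, picks a version to pin from the release data PyPI's JSON API returns. The release dictionary below is constructed in the shape of that API's "releases" field (versions, filenames and timestamps are made up, not real Telnyx releases), and the `YYYY-MM-DDTHH:MM:SSZ` form is assumed to be one pip accepts.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the "releases" field of
# https://pypi.org/pypi/<name>/json; every value here is made up.
SAMPLE_RELEASES = {
    "2.0.0": [
        {"filename": "example-2.0.0-py3-none-any.whl",
         "upload_time_iso_8601": "2025-03-01T10:00:00.000000Z"},
    ],
    "2.1.0": [
        {"filename": "example-2.1.0.tar.gz",
         "upload_time_iso_8601": "2025-03-20T09:30:00.000000Z"},
        {"filename": "example-2.1.0-py3-none-any.whl",
         "upload_time_iso_8601": "2025-03-20T09:31:00.000000Z"},
    ],
    "2.1.1": [
        {"filename": "example-2.1.1-py3-none-any.whl",
         "upload_time_iso_8601": "2025-03-28T23:15:00.000000Z"},
    ],
    "2.2.0": [],  # a release whose files have all been removed
}

# Fixed "now" so the example is reproducible (constructed).
NOW = datetime(2025, 4, 1, tzinfo=timezone.utc)


def parse_upload_time(s: str) -> datetime:
    """PyPI timestamps end in 'Z'; '+00:00' keeps fromisoformat happy on older Pythons."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def cutoff(now: datetime, days: int) -> datetime:
    """Anything uploaded at or after this instant is too new."""
    return now - timedelta(days=days)


def uploaded_prior_to_arg(now: datetime, days: int) -> str:
    """Date string for pip 26.0's --uploaded-prior-to (assumed accepted form)."""
    return cutoff(now, days).astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def release_age_ok(files: list, limit: datetime) -> bool:
    """A release counts only if it has files and every file predates the cutoff.

    Every file is checked, not just the first: a compromised account can add
    a new wheel to an existing version, so an old version number alone is not
    proof that what pip will download is old.
    """
    return bool(files) and all(parse_upload_time(f["upload_time_iso_8601"]) < limit for f in files)


def newest_release_before(releases: dict, limit: datetime):
    """Most recently uploaded version whose files all predate the cutoff, or None."""
    ok = {v: max(parse_upload_time(f["upload_time_iso_8601"]) for f in files)
          for v, files in releases.items() if release_age_ok(files, limit)}
    if not ok:
        return None
    return max(ok, key=ok.get)


def pin_spec(name: str, releases: dict, now: datetime, days: int) -> str:
    """Requirement line for pip versions that lack --uploaded-prior-to."""
    version = newest_release_before(releases, cutoff(now, days))
    if version is None:
        raise ValueError(f"no release of {name} is older than {days} days")
    return f"{name}=={version}"


if __name__ == "__main__":
    print("pip install example --uploaded-prior-to", uploaded_prior_to_arg(NOW, 7))
    print(pin_spec("example", SAMPLE_RELEASES, NOW, 7))
```

Ordering candidates by upload time rather than by version string keeps the example dependency-free; with backported patch releases in play you would sort with a proper version parser instead. The more important detail is the all-files check, since the attack the post describes only needs one fresh file to land in an otherwise old-looking release.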
TeamPCP is clearly working through a list. LiteLLM, now Telnyx. Wouldn’t be surprised if more compromised packages surface soon.