## PyPI Poisoning: Trivy Attackers Strike Again with Malicious Telnyx Package
The threat actors behind the recent Trivy supply-chain breach have escalated their campaign, now poisoning the Python Package Index (PyPI) with malicious versions of the Telnyx SDK. This latest attack aims to infect developers' systems with credential-stealing malware, marking a continued and aggressive exploitation of open-source software repositories. The move signals a persistent and adaptable threat group actively targeting the software development ecosystem.

The attack involves uploading counterfeit 'telnyx' packages to PyPI, masquerading as legitimate software. Developers who inadvertently install these tainted versions risk having their authentication tokens, API keys, and other sensitive credentials harvested by the malware. This method mirrors the group's previous operation involving the LiteLLM package, confirming a repeatable playbook focused on high-value developer tools and infrastructure SDKs.

The recurrence of this attack pattern places immense pressure on platform security and developer vigilance. It underscores the critical vulnerability of software supply chains to such poisoning campaigns, where a single malicious package can have cascading downstream effects. The incident prompts urgent scrutiny of dependency management and automated security scanning for all organizations relying on public package repositories, as the group shows no signs of halting its operations.
---
- **Source**: The Register
- **Sector**: The Lab
- **Tags**: supply-chain attack, PyPI, credential theft, Trivy, Telnyx
- **Credibility**: unverified
- **Published**: 2026-03-30 18:26:58
- **ID**: 41671
- **URL**: https://whisperx.ai/en/intel/41671