Latest PyPI Malware news

TeamPCP compromises Telnyx SDK on PyPI, hides credential stealer inside WAV audio files

by Artem Safonov March 28, 2026

Three days after LiteLLM, TeamPCP hit the Telnyx Python SDK on PyPI. Malicious versions 4.87.1 and 4.87.2 hid a credential stealer inside WAV audio files. The RSA-4096 key is byte-for-byte identical to the LiteLLM payload.

TeamPCP backdoors LiteLLM on PyPI using stolen Trivy credentials, 97M downloads exposed

by Artem Safonov March 25, 2026

Stolen Trivy credentials gave TeamPCP a PyPI publishing token for LiteLLM, the most popular LLM proxy in Python. Malicious versions ran on every Python process, not just LiteLLM imports, exfiltrating SSH keys, cloud credentials, and crypto wallets. Roughly 500,000 exfiltrations …

Menu

Latest PyPI Malware news

TeamPCP compromises Telnyx SDK on PyPI, hides credential stealer inside WAV audio files

TeamPCP backdoors LiteLLM on PyPI using stolen Trivy credentials, 97M downloads exposed

Latest News

Editor's Choice

Menu

Latest PyPI Malware news

TeamPCP compromises Telnyx SDK on PyPI, hides credential stealer inside WAV audio files

TeamPCP backdoors LiteLLM on PyPI using stolen Trivy credentials, 97M downloads exposed

Latest News

Editor's Choice

Stay informed on cybersecurity