TeamPCP Exploits Telnyx Python SDK in Supply Chain Attack A newly identified hacking group, TeamPCP, has targeted Telnyx, a widely used communication platform, by embedding malicious code in compromised versions of its Python SDK. The attack, uncovered by OX Security on 27 March 2026, follows a series of supply chain breaches linked to the group, including a recent compromise of the Trivy security tool on 19 March 2026. The hackers uploaded two tainted versions of the Telnyx Python library (4.87.1 and 4.87.2) to PyPI, disguising malicious functionality within a file named _client.py. This file triggered the download of a seemingly innocuous ringtone.wav a decoy that, once executed, scanned infected systems for SSH keys, cryptocurrency wallets (Bitcoin, Ethereum), and cloud credentials (Google Cloud, Azure). With the Telnyx SDK recording over 700,000 monthly downloads, the potential impact was significant. However, Telnyx confirmed that its core infrastructure including voice services, messaging, and AI inference remained unaffected, as the SDK operates independently of its backend systems. The breach was limited to developers who installed the compromised versions during the brief window they were live. While no customer data was accessed, affected users were advised to downgrade to version 4.87.0 and rotate exposed credentials. The incident underscores the growing threat of supply chain attacks, where trusted software components are weaponized to distribute malware.