Summary

On March 27, 2026 at 03:51:28 UTC, two unauthorized versions of the Telnyx Python SDK were published to PyPI: versions 4.87.1 and 4.87.2. Both versions contained malicious code. Both were quarantined by 10:13 UTC the same day.

This incident is part of a broader supply chain campaign that has also affected Trivy, Checkmarx, and LiteLLM.

The Telnyx platform, APIs, and infrastructure were not compromised. This incident was limited to the PyPI distribution channel for the Python SDK.

Affected Versions

| Version | Published |
| --- | --- |
| telnyx==4.87.1 | 03:51:28 UTC, March 27, 2026 |
| telnyx==4.87.2 | Shortly after |

Both versions have been removed from PyPI.

Who Is Affected

You may be affected if:

- You installed or upgraded the telnyx Python package between 03:51 UTC and 10:13 UTC on March 27, 2026
- You ran pip install telnyx without pinning a version and received 4.87.1 or 4.87.2
- A dependency in your project pulled in telnyx as a transitive, unpinned dependency

Who Is NOT Affected

- You are running version 4.87.0 or earlier
- You did not install or upgrade the telnyx package between 03:51 UTC and 10:13 UTC on March 27
- You are using the Telnyx REST API directly without the Python SDK

How to Check

Run the following command:

    pip show telnyx

If the version shown is 4.87.1 or 4.87.2, treat the environment as compromised.

What to Do If Affected

- Downgrade immediately:

      pip install telnyx==4.87.0

- Rotate all secrets accessible from the affected environment:
  - API keys
  - Database credentials
  - Cloud provider tokens
  - SSH keys
  - Any secrets stored in environment variables or configuration files
- Audit your systems for outbound connections to attacker infrastructure (see IOCs below)
- Review CI/CD pipelines and Docker builds that may have pulled the compromised version

Indicators of Compromise

| Type | Value |
| --- | --- |
| C2 server | 83.142.209.203:8080 |
| Exfil technique | WAV steganography payload delivery |

Additional IOCs will be published as the investigation confirms them.

What Was NOT Compromised

The Telnyx platform, voice services, messaging infrastructure, networ...
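The "How to Check" step covers one environment at a time. The sketch below is an added example, not Telnyx's code: it applies the same version test to requirements-file or `pip freeze` text saved from CI jobs and image builds, and also flags unpinned telnyx entries, which are the case described under "Who Is Affected". The function names, status labels and sample input are constructed for illustration.

```python
import re
from importlib import metadata

PACKAGE = "telnyx"
COMPROMISED = {"4.87.1", "4.87.2"}  # versions named in the advisory

# Requirement name, optional [extras], then the specifier up to a marker or comment.
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_PIN = re.compile(r"==\s*([0-9][A-Za-z0-9.!+_-]*)")

def _normalize(name):
    # PEP 503: names are case-insensitive and runs of "-", "_", "." are equivalent.
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(line):
    """Return 'compromised', 'unpinned', 'pinned-other', or None if not telnyx."""
    line = line.strip()
    if not line or line.startswith(("#", "-")):  # comments, options, --hash lines
        return None
    m = _REQ.match(line)
    if not m or _normalize(m.group(1)) != PACKAGE:
        return None
    spec = m.group(2).split("--hash")[0].strip().rstrip("\\").strip()
    pin = _PIN.fullmatch(spec)
    if pin is None:
        return "unpinned"  # bare name, range or wildcard: the resolver chose the version
    return "compromised" if pin.group(1) in COMPROMISED else "pinned-other"

def audit(text):
    """Scan requirements-file or `pip freeze` text; return (line_no, status) hits."""
    scanned = ((no, classify(l)) for no, l in enumerate(text.splitlines(), 1))
    return [(no, status) for no, status in scanned if status]

def installed_status():
    """Same check as `pip show telnyx`, for the interpreter running this script."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return "not-installed"
    return "compromised" if version in COMPROMISED else "installed-other"

# Constructed sample input (not taken from any real project).
SAMPLE = """\
requests==2.31.0
Telnyx == 4.87.2 ; python_version >= "3.8"
telnyx>=4.0
telnyx==4.87.0
"""
```

An "unpinned" hit is not proof of compromise: it marks a build whose resolved version has to be confirmed from that build's own `pip freeze` output or logs for the 03:51 to 10:13 UTC window.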
First seen: 2026-03-27 19:31
Last seen: 2026-03-28 12:39