Particle.news

TeamPCP Supply-Chain Attacks Hit First 48-Hour Lull as Focus Turns to Monetization

Analysts say the pause likely signals a pivot from rapid package compromises to cashing in on stolen credentials through ransomware affiliates.

Overview

  • Security trackers report no new confirmed package compromises for 48 hours after Friday’s Telnyx disclosure, a first pause since the campaign escalated on March 19.
  • Researchers tie the Telnyx breach to TeamPCP after two malicious PyPI releases (4.87.1 and 4.87.2) used WAV audio steganography to hide payloads, leading to credential theft across Windows, Linux, and macOS; the project was quarantined and users are urged to roll back to 4.87.0 and rotate all secrets.
  • An independent review found Checkmarx’s ast-github-action had all 91 tags overwritten with a credential-stealing composite action on March 23, which means any pipeline run against any tag that day should be treated as compromised.
  • Palo Alto Networks released behavioral rules to spot CI/CD attacks that read runner memory, sweep secrets, create large encrypted archives, and exfiltrate to newly registered domains, while community tools help scan systems touched by LiteLLM and Telnyx.
  • CISA placed the Trivy flaw tied to this campaign in its Known Exploited Vulnerabilities catalog, reinforcing guidance to patch, pin to safe versions, and complete broad credential rotation as investigators warn of near-term extortion risk through the Vect program.
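Two of the actions listed above lend themselves to a quick repository audit: roll back any pinned telnyx 4.87.1 or 4.87.2 release, and treat tag-based references to checkmarx/ast-github-action as suspect because every tag was rewritten. The script below is an added example written for this page, not tooling from Particle.news, the researchers, or the vendors named; it scans a requirements file for the two malicious telnyx versions and a GitHub workflow for `uses:` lines that reference an action by mutable tag rather than a full commit SHA. It goes slightly beyond the page by warning on any tag-pinned action, since SHA pinning is the general defence against tag rewrites. The regular expressions, the sample requirements and workflow text, and the all-zero commit SHA are constructed placeholders.

```python
"""Added audit example: flag malicious telnyx pins and tag-based action references."""
import re
from typing import List, Tuple

# Values taken from the page: the two malicious telnyx releases and the safe rollback target.
MALICIOUS_TELNYX = {"4.87.1", "4.87.2"}
SAFE_TELNYX = "4.87.0"
# Action whose tags were all overwritten on March 23, per the page.
COMPROMISED_ACTION = "checkmarx/ast-github-action"

# Constructed regexes: "name[extras]==version" pins and workflow "uses: owner/repo@ref" lines.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9_.\-]*)(?:\[[^\]]*\])?\s*==\s*([0-9][0-9A-Za-z.\-+]*)")
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

Finding = Tuple[int, str, str]  # (line number, severity, message)


def check_requirements(text: str) -> List[Finding]:
    """Return findings for pinned telnyx versions the page names as malicious."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PIN_RE.match(line)
        if not m:
            continue
        name, version = m.group(1).lower(), m.group(2)
        if name == "telnyx" and version in MALICIOUS_TELNYX:
            findings.append((lineno, "critical",
                             f"telnyx=={version} is a malicious release; roll back to "
                             f"{SAFE_TELNYX} and rotate every secret the host could reach"))
    return findings


def check_workflow(text: str) -> List[Finding]:
    """Return findings for action references that a tag rewrite could redirect."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if FULL_SHA_RE.match(ref):
            continue  # pinned to an immutable commit; overwriting a tag cannot redirect it
        if action.lower() == COMPROMISED_ACTION:
            findings.append((lineno, "critical",
                             f"{action}@{ref}: tag reference to an action whose tags were all "
                             "overwritten; treat runs as compromised and re-pin to a verified commit SHA"))
        else:
            findings.append((lineno, "warn",
                             f"{action}@{ref}: mutable tag/branch reference; pin to a full commit SHA"))
    return findings


# Constructed sample inputs (not real project files).
SAMPLE_REQUIREMENTS = """\
example-pkg==1.0.0
telnyx==4.87.2
"""

SAMPLE_WORKFLOW = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - uses: checkmarx/ast-github-action@cmx-flow-v1
      - uses: checkmarx/ast-github-action@0000000000000000000000000000000000000000
"""  # the all-zero SHA above is a placeholder, not a real verified commit


if __name__ == "__main__":
    for source, findings in (("requirements.txt", check_requirements(SAMPLE_REQUIREMENTS)),
                             ("workflow.yml", check_workflow(SAMPLE_WORKFLOW))):
        for lineno, severity, message in findings:
            print(f"{source}:{lineno} [{severity}] {message}")
```

Run it against real files by replacing the constructed samples with the contents of `requirements.txt` and each file under `.github/workflows/`; a finding on a tag-pinned action does not by itself prove compromise, but for the action named on the page it means the run's secrets should be rotated regardless of which tag was referenced.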