Telnyx package compromised on PyPI

Unauthorized versions of the Telnyx Python SDK were briefly published to PyPI as part of a broader supply chain attack. Learn which versions were affected, who is impacted, and the steps to secure your environment.

On March 27, 2026 at 03:51:28 UTC, two unauthorized versions of the Telnyx Python SDK were published to PyPI: versions 4.87.1 and 4.87.2. Both versions contained malicious code. Both were quarantined by 10:13 UTC the same day.

This incident is part of a broader supply chain campaign that has also affected Trivy, Checkmarx, and LiteLLM.

The Telnyx platform, APIs, and infrastructure were not compromised. This incident was limited to the PyPI distribution channel for the Python SDK.

| Version | Published | |---|---| | telnyx==4.87.1 | 03:51:28 UTC, March 27, 2026 | | telnyx==4.87.2 | Shortly after |

Both versions have been removed from PyPI.

You may be affected if you installed these specific versions. Run the following command to check:

pip show telnyx

If the version shown is 4.87.1 or 4.87.2, treat the environment as compromised.

To remediate, install the last known good version:

pip install telnyx==4.87.0

Technical Details (IOCs):

| Type | Value | |---|---| | C2 server | 83.142.209.203:8080 | | Exfil technique | WAV steganography payload delivery |

The Telnyx platform, voice services, messaging infrastructure, networking, SIP, AI inference, and all production APIs were not affected. The SDK is a client library that wraps public APIs and has no privileged access to Telnyx infrastructure. No customer data was accessed through this incident.