On March 27, 2026, telnyx Python SDK v4.87.1/4.87.2 was contaminated with PyPI. TeamPCP collects authentication information for OpenAI, Anthropic, AWS, and GCP by hiding payloads in WAV files. 742K downloads per month.
North Korean Famous Chollima has released 26 npm packages as an extension of the Contagious Interview campaign. Hiding C2 with zero-width Unicode characters in a Pastebin essay and deploying a 9-module RAT via 31 Vercel deployments.
