SummaryOn March 27, 2026 at 03:51:28 UTC, two unauthorized versions of the Telnyx Python SDK were published to PyPI: versions 4.87.1 and 4.87.2. Both versions contained malicious code. Both were quarantined by 10:13 UTC the same day.This incident is part of a broader supply chain campaign that has also affected Trivy, Checkmarx, and LiteLLM.The Telnyx platform, APIs, and infrastructure were not compromised. This incident was limited to the PyPI distribution channel for the Python SDK.Affected Ve...