Signal
TeamPCP supply chain attacks slow but shift to ransomware with Telnyx targeted
Published 2026-03-30 10:53 UTC
Updated 2026-03-30 17:42 UTC
Tags: supply_chain, malware, ransomware, incident_response, security_policy
Evidence trail (top sources)
Top sources (4 domains). Domains are deduped. Counts indicate coverage, not truth. 4 top sources shown.
Overview
The cybercrime group TeamPCP, known for a rapid succession of supply chain attacks on open-source projects, has paused new breaches after compromising Telnyx's SDK on PyPI.
Entities
Telnyx, Databricks, AstraZeneca, Trivy, CanisterWorm, Checkmarx, LiteLLM
- Score total: 1.39
- Momentum 24h: 4
- Posts: 4
- Origins: 4
- Source types: 1
- Duplicate ratio: 0%
Why now
- TeamPCP’s recent rapid succession of attacks culminated in the Telnyx compromise, marking a critical escalation.
- The three-day pause in new supply chain compromises signals a tactical shift toward ransomware monetization.
- Active investigations into Databricks and AstraZeneca incidents underscore the campaign’s continuing relevance and threat.
Why it matters
- Supply chain attacks on open-source projects can compromise many downstream users and organizations.
- The shift to ransomware increases the financial and operational risk posed by TeamPCP’s campaign.
- Ongoing investigations into related breaches highlight the broad impact and evolving tactics of this threat actor.
LLM analysis
- Topic mix: low
- Promo risk: low
- Source quality: medium
Recurring claims
- TeamPCP has been rapidly compromising open-source projects via supply chain attacks by uploading malicious packages to PyPI.
- TeamPCP has paused new supply chain compromises for three days but shifted focus to ransomware operations.
- The latest attack involved malicious Telnyx SDK versions uploaded to PyPI targeting Windows, macOS, and Linux systems with credential-stealing malware.
How sources frame it
- Help Net Security: neutral
- SecurityWeek: neutral
- The Register Security: neutral
- SANS Internet Storm Center: neutral
All evidence
Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach
The Register Security · go.theregister.com · 2026-03-30 17:42 UTC
TeamPCP’s attack spree slows, but threat escalates with ransomware pivot
Help Net Security · helpnetsecurity.com · 2026-03-30 15:33 UTC
TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)
SANS Internet Storm Center (Handler's Diary) · isc.sans.edu · 2026-03-30 14:59 UTC
Telnyx Targeted in Growing TeamPCP Supply Chain Attack
SecurityWeek · securityweek.com · 2026-03-30 10:53 UTC
- Posts loaded: 0
- Publishers: 4
- Origin domains: 4
- Duplicates: -
Top publishers (this list)
- The Register Security (1)
- Help Net Security (1)
- SANS Internet Storm Center (Handler's Diary) (1)
- SecurityWeek (1)
Top origin domains (this list)
- go.theregister.com (1)
- helpnetsecurity.com (1)
- isc.sans.edu (1)
- securityweek.com (1)