Telnyx has malicious code in PyPI versions 4.87.1 and 4.87.2
On March 27, 2026, a threat actor used compromised PyPI credentials to publish malicious versions 4.87.1 and 4.87.2 of the telnyx Python package directly to PyPI. These versions contain credential-stealing malware and were not published through the legitimate GitHub release pipeline.