
Posted by ramimac 3 days ago

Telnyx package compromised on PyPI (telnyx.com)
https://github.com/team-telnyx/telnyx-python/issues/235

https://www.aikido.dev/blog/telnyx-pypi-compromised-teampcp-...

132 points | 133 comments (page 4)
carlsborg 2 days ago
Anthropic/OpenAI could own this space. They should offer a paid service that offers a mirror with LLM-scanned and sandbox-evaluated packages with their next-gen models. Free for individuals; orgs can subscribe to it.
oblvious-earth 2 days ago
OpenAI just acquired Astral, who have an index service called pyx, so they would have a step up.

My understanding though is most corporations that take security seriously either build everything themselves in a sandbox, or use something like JFrog's Artifactory with various security checks, and don't let users directly connect to public indexes. So I'm not sure what the market is.

doc_ick 2 days ago
There's also VirusTotal, any.run, and probably a few others outside of GitHub/GitLab scans.
dmitrygr 2 days ago
Detecting properly-written malicious code is undecidable. No amount of snake oil fixes that.
johndough 2 days ago
Judging by curl shutting down its bug bounty program due to AI slop, a likely outcome would be that this mirror has no packages because they are all blocked by false positives.
andrepd 2 days ago
Genuinely cannot tell whether this is satire.
firesteelrain 2 days ago
Own what space?