Threat actor TeamPCP injected credential-stealing malware into Telnyx PyPI SDK versions 4.87.1 and 4.87.2, targeting SSH keys, cloud provider tokens (AWS, GCP, Azure), Kubernetes secrets, and cryptocurrency wallet credentials; ISC SANS has linked the campaign to ransomware affiliate activity. Any environment that imported either malicious version at any point should be treated as fully compromised, with immediate credential rotation and system isolation required. Organizations should audit package inventories and CI/CD pipelines for either affected version and rebuild compromised environments from scratch rather than patching in place.