infosec in brief The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package versions to PyPI in an effort to plant credential-stealing malware on developers’ systems.
Ox Security warned on Friday that TeamPCP – the group researchers link to the recent compromise of open-source vulnerability scanner Trivy, which led to malicious LiteLLM packages appearing on PyPI – is back, this time with another compromise of a legitimate software package.
In this case, the crew hit Telnyx, which offers VoIP services and AI voice agents. TeamPCP appears to have compromised the PyPI distribution of Telnyx’s Python SDK, replacing current package versions with malicious releases loaded with a multi-stage infostealer and persistence mechanisms. According to Ox, the malware added to the package is similar to the malicious code added to LiteLLM.
According to Ox, the Telnyx malware’s main difference from the LiteLLM package is how it’s installed: Instead of embedding malicious code directly in the file, the Telnyx package downloads its malware in the form of a .wav file that’s decoded and executed on the target machine.
Telnyx told Ox in a post on X that it had found and resolved the issue, while noting that the only affected component was its Python package. None of Telnyx’s infrastructure, networking, or other services or APIs were affected, according to the company, though anyone who installed the Python package while the malicious versions were live should treat that environment as compromised.
Those worried they might be affected should check their installed Telnyx version — if you’re running 4.87.1 or 4.87.2, Telnyx recommends treating the host as compromised and rotating any exposed credentials.
Telnyx sees more than 34,000 downloads a week on PyPI, Ox noted, so it’s possible quite a few developers and services pulled one of the malicious releases before they were removed.
Alleged RedLine operator extradited to US
The mastermind may still be at large, but one of the men alleged to be behind the development and administration of prolific infostealer RedLine is behind bars in the US after being extradited to face charges.
Hambardzum Minasyan, an Armenian national, last week made his initial appearance in federal court in Austin, Texas, on charges of conspiracy to commit access device fraud, conspiracy to violate the CFAA, and conspiracy to commit money laundering.
According to the indictment, Minasyan’s part of RedLine’s operations involved registering virtual private servers and domains to host RedLine infrastructure, as well as the creation of repositories used to host RedLine for distribution to affiliates. Minasyan also allegedly registered a cryptocurrency account used to receive RedLine affiliate payments.
If convicted on all three charges, Minasyan faces up to 30 years in prison.
Law enforcement first publicly identified alleged RedLine developer and administrator Maxim Rudometov in 2024, accusing the Russian national of helping build and run the infostealer operation. Last year, the US government offered a $10 million bounty for information on Rudometov and his co-conspirators. It’s not clear whether any money was paid out in relation to the arrest of Minasyan.
Snapchat, porn platforms, put on notice for DSA violations
What does Snapchat have in common with Pornhub, Stripchat, and other porn platforms? All came under EU scrutiny last week under the Digital Services Act over alleged failures to protect minors online.
In Snapchat’s case, the matter is a bit earlier in proceedings, as Pornhub, Stripchat, XNXX, and XVideos were all preliminarily found last week to be in breach of the DSA for failing to implement effective age-verification measures that would keep minors off their services.
According to the European Commission, all four platforms have a simple self-verification system in place requiring visitors to confirm they’re over 18 without any formal checks in place. As this is a preliminary finding, the Commission is now giving the porno-pushers an opportunity to respond.
The Commission suspects that Snapchat has a similar weakness in relying on self-declaration, noting the platform’s age-assurance measures may be insufficient.
“The Commission suspects that Snapchat is not adequately protecting minors from being contacted by users with harmful intent, such as sexual exploitation or recruitment for criminal activities,” the EC explained.
The Commission will now carry out an in-depth investigation into Snapchat before deciding whether to take further enforcement steps.
LAPSUS$ spills alleged AstraZeneca data
The cybercriminals behind the LAPSUS$ threat group have released 2.66 GB of data allegedly stolen from drug maker AstraZeneca, and threat watchers say it could become one of the more serious healthcare cyber incidents of 2026 so far if the claims hold up.
According to SOCRadar, LAPSUS$ claimed to have hit AstraZeneca recently, making off with what they claim are internal code repositories, access-related data, cloud and infrastructure references, and employee records – data which could be devastating to the company in the hands of the right – or wrong – person.
Per SOCRadar, the data they reviewed “points to a potentially meaningful internal code and operations exposure rather than a small credential-only leak.” They warn that the purportedly stolen data could be used for follow-on intrusions, to target phishing attacks, and to compromise AstraZeneca partners in supply chain attacks.
LAPSUS$ released the full dataset over the weekend, SOCRadar reported.
US National Lab creates exascale AI model vulnerability detector
Researchers at Oak Ridge National Laboratory have created what they say is an efficient, effective AI vulnerability detection machine that can operate at the exascale level, and all it took was turning a friendly neural network optimization bot into an exploitative one.
“It might sound devious, but it’s worked very well,” said ORNL Center for Artificial Intelligence Security Research director Edmon Begoli.
Photon, as the ORNL team dubbed it, is designed to explore, discover, and exploit AI vulnerabilities at scale. According to the team, it starts by applying publicly known attacks against a target model and refining them based on the results. Simultaneously, the team said, it continues exploring the model for new weaknesses, which it can then exploit as part of an ongoing cycle to refine the most effective attacks it finds.
Photon is also able to significantly reduce bottlenecks and auxiliary tasks associated with red team AI campaigns – per the team, it scaled without loss of computational efficiency, and maintained 95 percent resource utilization across 1,920 GPUs on the lab’s Frontier supercomputer.
And there’s the rub: This thing can find and exploit anything it can find in an AI model, but such capabilities are limited to supercomputing labs for now.
“Photon represents a paradigm shift in how we approach AI security,” Begoli said. Thankfully it won’t be something bad actors will have the resources to utilize for some time. ®
