Executive summary

On March 19, 2026, multiple outlets reported that the threat actor TeamPCP compromised Aqua Security's open source repository of its popular vulnerability scanner, Trivy, to harvest credentials. Just a few days later, the same attack pattern was also reported in a GitHub Action for Checkmarx AST and Checkmarx KICS. Since then, the attacker has used further stolen credentials to embed sophisticated credential stealers into the popular PyPI package of LiteLLM. The Telnyx SDK library on PyPI is the latest reported compromise in this attack on open source repositories. In this blog post, we analyze how the Telnyx SDK package on PyPI appears to have been tampered with by threat actors who published unauthorized versions containing a malicious payload, and we provide mitigation recommendations against this type of attack.…