
Tag

#python

3 articles

HIGH
Supply Chain

PyPI Supply Chain Threat: Deceptive Packages Target Developers

Analysis of malicious Python packages such as cryptography-util using deceptive naming to exfiltrate Discord tokens and system metadata via webhooks.

Runtime Rebel Intel
3 min read·May 11, 2026
HIGH
Supply Chain

litellm 1.82.8 Supply Chain Compromise via Malicious .pth File

Security analysis of a supply chain compromise in litellm 1.82.8 on PyPI, where a malicious .pth file enables automatic code execution on Python startup.

Runtime Rebel Intel
3 min read·Apr 8, 2026
HIGH
Supply Chain

Telnyx PyPI Package Compromised by TeamPCP via Steganography

TeamPCP threat actors distributed malicious Telnyx Python package versions 4.87.1 and 4.87.2 on PyPI to harvest credentials using hidden WAV files.

Runtime Rebel Intel
3 min read·Mar 27, 2026