剣 KENSAI
← All posts · security · 2026-03-28 · 12 min

TeamPCP ने Telnyx PyPI के ज़रिए WAV फ़ाइलों में स्टीलर छिपाया, LangChain & LangGraph की खामियाँ सीक्रेट्स को उजागर करती हैं, यूरोपीय आयोग AWS ब्रीच, डच पुलिस फ़िशिंग का शिकार, GitHub VS Code मालवेयर अभियान

TeamPCP ने PyPI पर Telnyx Python पैकेज को समझौता करके WAV ऑडियो फ़ाइलों में स्टेगनोग्राफी से क्रेडेंशियल-चोरी मालवेयर छिपाया। LangChain और LangGraph की तीन गंभीर कमज़ोरियाँ फ़ाइलसिस्टम डेटा, एनवायरनमेंट सीक्रेट्स और कन्वर्सेशन डेटाबेस को उजागर करती हैं। यूरोपीय आयोग अपने AWS वातावरण की ब्रीच की जाँच कर रहा है — कथित तौर पर 350 GB डेटा एक्सफ़िल्ट्रेट किया गया। डच पुलिस ने फ़िशिंग ब्रीच का खुलासा किया। GitHub पर नकली VS Code सुरक्षा अलर्ट डेवलपर्स को मालवेयर वितरित करते हैं।


1. TeamPCP Compromises Telnyx PyPI Package — WAV Audio Steganography Hides Credential Stealer

⚠️ SUPPLY CHAIN ATTACK — Audio Steganography Used to Evade Detection

TeamPCP, the threat actor behind the Trivy, KICS, and LiteLLM supply chain attacks, has now compromised the Telnyx Python package on PyPI. Malicious versions 4.87.1 and 4.87.2 conceal credential-stealing malware inside WAV audio files to bypass security scanners.

TeamPCP continues its unprecedented open-source supply chain campaign. On March 27, 2026, researchers from Aikido, Endor Labs, JFrog, Socket, and StepSecurity confirmed that the Telnyx Python package on PyPI had been compromised with two malicious versions. The attack represents a significant evolution in technique: credential-stealing payloads are now hidden inside WAV audio files using steganography.

Attack Chain Details

The malicious code is injected into telnyx/_client.py, triggering automatically when the package is imported. The three-stage attack chain works differently depending on the target OS:

The entire chain operates within a self-destructing temporary directory, leaving near-zero forensic artefacts. This is the same WAV steganography technique TeamPCP previously used in the "kamikaze" wiper malware — now refined for credential theft.

How TeamPCP Got the Token

Endor Labs researchers believe the Telnyx PyPI token was harvested during the earlier LiteLLM compromise. TeamPCP's credential harvester swept environment variables, .env files, and shell histories from every system that imported LiteLLM. If any developer or CI pipeline had both LiteLLM installed and access to the Telnyx PyPI token, that token was already in TeamPCP's hands — creating a cascading supply chain compromise.

CRA and NIS2 Implications

What This Means for Your Organisation


2. LangChain & LangGraph Vulnerabilities Expose Files, Secrets, and Databases

⚠️ CRITICAL VULNERABILITIES — Three Independent Data Exfiltration Paths in World's Most Popular AI Framework

Three vulnerabilities in LangChain and LangGraph (CVE-2026-34070, CVE-2025-68664, CVE-2025-67644) expose filesystem data, environment secrets, and conversation history. LangChain-Core alone was downloaded 23 million times last week.

Cyera security researcher Vladimir Tokarev has disclosed three critical vulnerabilities in LangChain and LangGraph — the world's most popular frameworks for building LLM-powered applications. Each flaw provides an independent path to drain sensitive enterprise data:

CVE CVSS Type Impact Fixed Version
CVE-2026-34070 7.5 Path Traversal Arbitrary file read via prompt-loading API langchain-core ≥1.2.22
CVE-2025-68664 9.3 Deserialization API key and environment secret leakage langchain-core 0.3.81 / 1.2.5
CVE-2025-67644 7.3 SQL Injection Full database access via checkpoint metadata langgraph-checkpoint-sqlite 3.0.1

The most severe flaw, CVE-2025-68664 (CVSS 9.3), allows attackers to leak API keys and environment secrets by passing a crafted data structure that LangChain interprets as a pre-serialised object rather than user input. This vulnerability — dubbed "LangGrinch" by Cyata who first identified it in December 2025 — can be exploited via prompt injection.

The Ripple Effect

Cyera warns that LangChain doesn't exist in isolation — it sits at the centre of a massive dependency web. Hundreds of libraries wrap, extend, or depend on LangChain. When a vulnerability exists in LangChain's core, it ripples through every downstream library, wrapper, and integration. With 52 million downloads per week for LangChain alone, the blast radius is enormous.

EU AI Act and CRA Context

What This Means for Your Organisation


3. European Commission Investigates AWS Breach — 350 GB Allegedly Stolen

🔶 INSTITUTIONAL BREACH — EU Executive Body's Cloud Environment Compromised

The European Commission, the EU's main executive body, is investigating a security breach after a threat actor gained access to at least one of its AWS accounts. The attacker claims to have exfiltrated over 350 GB of data including employee information and databases.

The European Commission is investigating what appears to be a significant breach of its Amazon Web Services (AWS) cloud environment. Key details reported by BleepingComputer:

This is the second Commission breach in two months. In February, the Commission disclosed that its mobile device management platform was hacked on January 30, in an incident linked to Ivanti EPMM code-injection vulnerabilities that also affected the Dutch Data Protection Authority and Finland's Valtori.

Regulatory and Political Implications

The irony is not lost on observers — the institution drafting Europe's cybersecurity laws is itself suffering repeated breaches:

What This Means for Your Organisation


4. Dutch Police Discloses Phishing Breach — Second Incident in 18 Months

🔶 LAW ENFORCEMENT BREACH — Quick Detection Limits Impact

The Dutch National Police (Politie) has disclosed a phishing breach detected by its Security Operations Center. While it reports limited impact with no citizen data exposed, this marks the second breach since September 2024, when a state actor compromised officer contact data.

The Dutch National Police has reported being targeted by a phishing attack that resulted in a security breach. According to the March 25 press release:

In September 2024, the Dutch police suffered a more severe breach linked to a "state actor" that stole work-related contact information for multiple officers, including names, email addresses, phone numbers, and some private data. That investigation remains ongoing.

NIS2 and Law Enforcement Cybersecurity

What This Means for Your Organisation


5. Fake VS Code Security Alerts on GitHub Spread Malware to Developers

⚠️ DEVELOPER-TARGETED CAMPAIGN — Thousands of Repositories Hit with Fake Vulnerability Advisories

A large-scale, coordinated campaign is posting fake VS Code security alerts in the Discussions section of thousands of GitHub repositories, tricking developers into downloading malware via Google Drive links. The campaign triggers email notifications to repository watchers.

Application security company Socket has uncovered a sophisticated, large-scale campaign targeting developers on GitHub. The attackers:

The fake alerts include links to supposedly patched VS Code extensions hosted on Google Drive. Clicking these triggers a cookie-driven redirect chain leading to a JavaScript reconnaissance script that collects timezone, locale, user agent, OS details, and automation indicators before delivering a second-stage payload to validated victims.

Social Engineering at Scale

This campaign is notable for its abuse of trust signals:

CRA Developer Security Obligations

What This Means for Your Organisation


Today's Threat Landscape Summary

Development Regulation Impact Action Required
TeamPCP Telnyx WAV Steganography CRA / NIS2 Cascading supply chain compromise via audio steganography Downgrade Telnyx to 4.87.0, audit LiteLLM exposure
LangChain/LangGraph Flaws EU AI Act / CRA / GDPR Files, secrets, databases exposed across millions of AI apps Patch langchain-core ≥1.2.22, rotate API keys
European Commission AWS Breach NIS2 / EUCS / Reg. 2018/1725 350 GB allegedly stolen from EU executive body Audit AWS IAM, implement CSPM
Dutch Police Phishing Breach National Cybersecurity Second breach in 18 months, limited impact Strengthen phishing defences, invest in SOC detection
GitHub VS Code Malware Campaign CRA / DSA Thousands of repos hit with fake security advisories Verify CVEs via official sources, audit extensions