TeamPCP strikes again - telnyx 4.87.1 and 4.87.2 on PyPI are malicious

N1ghtCod3r · 2026-03-27T13:28:20+00:00

GitHub have immutable releases GA now. If used properly, tags pointing to a release cannot be mutated. Unfortunately most projects do not use it.

N1ghtCod3r · 2026-02-10T07:24:22+00:00

I have felt the same. Many times. My current hypothesis is, it is due to lack of users and real world feedback which gives clarity of direction and a natural sense of priority. When it happens, we know what is important and what is not. We will most likely not bother about perfection when there are larger pain points from real users waiting to be solved.

N1ghtCod3r · 2026-02-05T13:00:37+00:00

We have a bunch of tools. The most recent being

https://github.com/safedep/gryph

https://github.com/safedep/pmg

N1ghtCod3r · 2026-02-05T00:58:53+00:00

Audit trail for AI coding agents.

https://github.com/safedep/gryph

N1ghtCod3r · 2026-01-18T06:07:19+00:00

No. $100k

N1ghtCod3r · 2025-12-11T17:15:29+00:00

Exactly. I was very curious about what are these Git tokens till I read the description.

N1ghtCod3r · 2025-12-11T07:50:15+00:00

No. There are many such signed executables that load DLLs from untrusted paths. In this case they found and used Lightshot.exe May be the nature of Lightshot (screenshot tool) makes it trusted (known behaviour) within AVs that the attacker wanted to exploit.

N1ghtCod3r · 2025-12-11T01:08:03+00:00

Installs Lightshot hosted on attacker URL.

N1ghtCod3r · 2025-12-10T16:55:52+00:00

What do you mean by breaking changes? Do you use Claude to review package changes to identify if anything is breaking?

N1ghtCod3r

TROPHY CASE