
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Monday, March 30th, 2026: More TeamPCP: telnyx; Netscaler Exploit; macOS ClickFix Fix; Windows Smart Install
Mar 30, 2026
Updates on a supply-chain campaign that added a malicious Telnyx package to PyPI. Discussion of a Citrix Netscaler memory overread exploit and active probing of vulnerable systems. A warning to assume compromise for unpatched SAML-configured Netscalers. Notes on macOS paste-click protections and Windows Smart Install app-source restrictions.
AI Snips
PyPI Compromise Targets AI Integrations
- TeamPCP supply-chain actors are expanding by compromising PyPI packages used by AI integrations.
- Attackers replaced Telnyx's PyPI package, delivering OS-specific payloads (Windows, Linux, macOS) and even embedding code in WAV files to evade detection.
Pin PyPI Versions To Prevent Silent Supply Chain Changes
- Use version pinning to avoid automatically pulling a newly published malicious PyPI release.
- Johannes Ullrich warns that only systems that install the new compromised Telnyx package after publication are affected, so pin known-good versions.
Supply Chain Actors Feeding Ransomware Ecosystem
- TeamPCP is linking with ransomware groups, acting as access brokers or selling credentials.
- Johannes Ullrich notes their output may feed forums like BreachForums to turn initial access into ransomware campaigns.
