Two telnyx versions published containing credential harvesting malware
After an API token exposure from an exploited Trivy dependency, two new releases of telnyx were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Compromised versions execute code during importing the telnyx...
OESA-2026-1775 python-pyasn1 security update
Abstract Syntax Notation One (ASN.1) is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...
OESA-2026-1734 pyOpenSSL security update
pyOpenSSL is a rather thin wrapper around a subset of the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Security Fixes: A security vulnerability exists in the PyOpenSSL library's...
The Telnyx PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
...
The Telnyx SDK on PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
...
CLSA-2026-1774431305 python-pyasn1: Fix of CVE-2026-23490
CVE-2026-23490: fix DoS when malicious stream parsed...
CLSA-2026-1774614606 python3: Fix of CVE-2025-15366
CVE-2025-15366: reject control characters in IMAP commands...
CLSA-2026-1774614065 python3: Fix of CVE-2025-15366
CVE-2025-15366: reject control characters in IMAP commands...
CLSA-2026-1774613805 python3: Fix of CVE-2025-15366
CVE-2025-15366: reject control characters in IMAP commands...
RLSA-2026:4713 Moderate: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
python3.12 security update
An update is available for python3.12. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming...
SUSE-SU-2026:1117-1 Security update for python311
This update for python311 fixes the following issues: Update to python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
Security update for python312
This update for python312 fixes the following issues: Update to Python 3.12.13: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...
SUSE-SU-2026:1107-1 Security update for python312
This update for python312 fixes the following issues: Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...
Malicious code in thisismytest123 (PyPI)
Source: kam193 7640ee5ded7bcafbd9863565d68a7768bdc9bd2abca56a69d73576e7e9b2c0df During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.13: python3.13-3.13.12-2.hum1 aarch64, x86_64 python3.13-debug-3.13.12-2.hum1 aarch64, x86_64 python3.13-devel-3.13.12-2.hum1 aarch64, x86_64 python3.13-freethreading-3.13.12-2.hum1 aarch64,...
MAL-2026-2254 Malicious code in telnyx (PyPI)
Source: ossf-package-analysis 64fdec8c3d81e855431dd89a2eb1008654d9d4ba0e01293166234b3609efe00a The OpenSSF Package Analysis project identified 'telnyx' @ 4.87.2 pypi as malicious. It is considered malicious because: - The package executes...
[SECURITY] Fedora 43 Update: pyOpenSSL-26.0.0-1.fc43
High-level wrapper around a subset of the OpenSSL library, includes among others: SSL.Connection objects, wrapping the methods of Python's portable sockets; callbacks written in Python; extensive error-handling mechanism, mirroring OpenSSL's error codes...
[SECURITY] Fedora 43 Update: python-cryptography-46.0.5-1.fc43
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...
Medium: python-flask
Issue Overview: Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs cach...