This is the second TeamPCP update, covering developments from 26 to 27 March 2026, including the Telnyx PyPI compromise and the expansion of a Vect ransomware mass affiliate programme. Telnyx’s Python SDK on PyPI was compromised: malicious versions 4.87.1 and 4.87.2 were published around 03:51 UTC on 27 March 2026, and the last known safe version is 4.87.0. The payloads include WAV audio steganography with Windows and Linux/macOS specifics.
The update also notes that TeamPCP has formalised a partnership with Vect ransomware and BreachForums, potentially distributing affiliate keys to roughly 300,000 BreachForums users and triggering a shift towards industrialised ransomware deployment. LAPSUS$ is publicly claiming a 3GB AstraZeneca breach attributed to TeamPCP credentials, though AstraZeneca had not confirmed the breach at the time of publication.
Additional items include a correction of the CISA KEV remediation deadline to 8 April 2026 and ongoing forensics on the LiteLLM attack, with warnings to rotate credentials and monitor for indicators such as the C2 domain models.litellm[.]cloud. According to Cybernews and Infosecurity Magazine, the announcement outlines the Mass Affiliate model and potential scale of the operation.
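A dependency check for the Telnyx versions named above, added here as an example and not taken from the update or from Telnyx: it scans requirements-style or `pip freeze` text for pins to 4.87.1 or 4.87.2, and also flags unpinned entries that could resolve to them. The sample input, the placeholder hash and the `telnyx-helper` name are constructed for illustration.

```python
import re

# Versions as stated in the update above.
PACKAGE = "telnyx"
COMPROMISED = {"4.87.1", "4.87.2"}
LAST_KNOWN_SAFE = "4.87.0"

# Requirement name, optional [extras], then whatever specifier follows.
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")

def normalize(name):
    """PEP 503 normalisation, so 'Telnyx' and 'TELNYX' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(line):
    """Return 'compromised', 'unpinned' or 'ok'; None if the line is not telnyx."""
    line = line.split("#", 1)[0]                        # trailing comment
    line = line.split(";", 1)[0]                        # environment marker
    line = line.split("--hash", 1)[0].rstrip("\\ \t")   # pip hash options
    m = _REQ.match(line)
    if not m or normalize(m.group(1)) != PACKAGE:
        return None
    spec = "".join(m.group(2).split())
    pin = re.fullmatch(r"={2,3}([0-9][0-9A-Za-z.!+]*)", spec)
    if pin is None:
        return "unpinned"   # bare name, range or wildcard can resolve to a bad release
    return "compromised" if pin.group(1) in COMPROMISED else "ok"

def scan(text):
    """Return (line number, verdict, line) for every entry that needs action."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        verdict = classify(line)
        if verdict in ("compromised", "unpinned"):
            findings.append((n, verdict, line.strip()))
    return findings

# Constructed sample input (not from the update).
SAMPLE = """\
requests==2.32.3
Telnyx[extra] == 4.87.2 ; python_version >= "3.9"
telnyx==4.87.0 --hash=sha256:0000   # constructed placeholder hash
telnyx>=4.80
telnyx-helper==4.87.1
"""

if __name__ == "__main__":
    for n, verdict, line in scan(SAMPLE):
        print(f"line {n}: {verdict}: {line} (pin to =={LAST_KNOWN_SAFE})")
```

A "compromised" hit means the environment may have run the malicious release, so credential rotation applies in addition to re-pinning.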