Threat Intelligence Feed

Malicious Package Threat Intelligence for Security Operations

The same intelligence that caught LiteLLM, Telnyx, and axios — delivered as a feed your security stack already knows how to consume.

1000+ Malicious Packages Detected
1000+ Projects Protected
2M+ Packages Scanned
14hr Avg Detection Lead

Live Threat Stream

Real malicious package verdicts, IOCs, and campaign intelligence streaming from our detection pipeline. Updated continuously as new threats emerge.

Built for Security Teams, Not Just Developers

Intelligence that fits your existing stack. No new platform to deploy. No agents to install.

Plugs Into What You Already Run

Wire SafeDep threat intelligence into your existing security infrastructure. No new tools to adopt.

SIEM / SOAR: Splunk, Sentinel, QRadar
Web Proxy / SWG: Zscaler, Palo Alto
Artifact Registry: Artifactory, Nexus
CI/CD Pipeline: GitHub Actions, GitLab CI

Get Early Access

We're onboarding a small number of security teams. Tell us about your use case.
