Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

A malicious actor linked to the Trivy supply-chain attack has uploaded tainted versions of the Telnyx package to the PyPI repository, aiming to install credential-stealing malware on developers' systems. The incident follows the pattern of package poisoning attacks, in which attackers inject malicious code into open-source packages to gain unauthorized access to sensitive information. The tactic exploits weaknesses in the software supply chain, and the growing frequency and sophistication of such attacks indicate an evolving threat landscape with potential downstream regulatory and supply-chain effects. For practitioners this underscores the importance of vigilant monitoring of dependencies and secure coding practices to stop malware spreading through compromised packages.
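One concrete defensive control against a tainted re-release of a dependency is hash-pinned installation: every package in the lockfile carries the sha256 of the exact artifacts that were reviewed, so a newly uploaded version, or an altered artifact under the same version, fails verification before it is installed. The following is an added example, not code from the article or from any of the projects it mentions. It re-implements, in stand-alone form, the check that pip performs for `--hash` pins, so that the logic can be run offline; the package names, artifact bytes and lockfile contents are constructed for the illustration.

```python
"""Verify downloaded package artifacts against a hash-pinned lockfile.

Added example, not from the article. pip's own ``--hash`` pinning is the
real mechanism; this is a small stand-alone re-implementation of the check
so it can be run and inspected offline on constructed data.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    """Hex sha256 digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


# Constructed artifacts (hypothetical package names, not real releases).
GOOD_WHEEL = b"PK\x03\x04 examplepkg-1.2.3 (constructed wheel bytes)"
GOOD_SDIST = b"\x1f\x8b examplepkg-1.2.3 (constructed sdist bytes)"
TAINTED_WHEEL = b"PK\x03\x04 examplepkg-1.2.3 + extra payload (constructed)"

# Constructed lockfile in pip's requirements syntax: one package pinned to a
# version with two acceptable hashes (wheel and sdist), one left unpinned.
SAMPLE_REQUIREMENTS = (
    "# constructed lockfile for the example\n"
    "examplepkg==1.2.3 \\\n"
    f"    --hash=sha256:{sha256_hex(GOOD_WHEEL)} \\\n"
    f"    --hash=sha256:{sha256_hex(GOOD_SDIST)}\n"
    "unpinnedpkg>=2.0\n"
)


@dataclass
class Pin:
    name: str
    version: str | None          # None when the entry is not an exact '==' pin
    hashes: set[str] = field(default_factory=set)


REQ_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*(?:==\s*(\S+))?")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_requirements(text: str) -> dict[str, Pin]:
    """Parse requirements text into pins, joining backslash continuation lines."""
    pins: dict[str, Pin] = {}
    logical = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if line.endswith("\\"):                 # continuation: keep accumulating
            logical += line[:-1] + " "
            continue
        logical += line
        m = REQ_RE.match(logical.strip())
        if m:
            name = m.group(1).lower()
            pins[name] = Pin(name, m.group(2), set(HASH_RE.findall(logical)))
        logical = ""
    return pins


def unpinned(pins: dict[str, Pin]) -> list[str]:
    """Names of entries that lack either an exact version or a hash pin."""
    return sorted(p.name for p in pins.values() if p.version is None or not p.hashes)


def verify_artifact(pins: dict[str, Pin], name: str, version: str,
                    data: bytes) -> tuple[bool, str]:
    """Return (ok, reason) for an artifact about to be installed."""
    pin = pins.get(name.lower())
    if pin is None:
        return False, f"{name}: not in lockfile"
    if pin.version is None or not pin.hashes:
        return False, f"{name}: no exact version/hash pin, a re-uploaded release is indistinguishable"
    if version != pin.version:
        return False, f"{name}: version {version} differs from pinned {pin.version}"
    digest = sha256_hex(data)
    if digest not in pin.hashes:
        return False, f"{name}=={version}: sha256 {digest[:12]}... not in pinned set"
    return True, f"{name}=={version}: sha256 matches pin"


if __name__ == "__main__":
    pins = parse_requirements(SAMPLE_REQUIREMENTS)
    print("unpinned entries:", unpinned(pins))
    for label, ver, blob in [("good wheel", "1.2.3", GOOD_WHEEL),
                             ("good sdist", "1.2.3", GOOD_SDIST),
                             ("tainted wheel", "1.2.3", TAINTED_WHEEL),
                             ("new version", "1.2.4", GOOD_WHEEL)]:
        ok, reason = verify_artifact(pins, "examplepkg", ver, blob)
        print(f"{label:14s} -> {'OK ' if ok else 'REJECT'} {reason}")
```

The two rejection paths correspond to the two ways a poisoned release reaches a build: a new version number that the lockfile never approved, and a modified artifact published under an already-pinned version. Both fail closed, and the `unpinned` report highlights entries where the check cannot protect you at all, which is where a dependency audit should start.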
Why This Matters
A breach involving EU signals evolving attack methods — watch for downstream regulatory and supply-chain effects.
References
- The Register. (2026, March 30). Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach. The Register. https://go.theregister.com/feed/www.theregister.com/2026/03/30/telnyx_pypi_supply_chain_attack_litellm/