🚨 High Risk Alert! 🚨 Authlib, a popular Python library for OAuth and OpenID Connect, has a critical vulnerability (CWE-347). A malicious JWT with 'alg: none' and an empty signature can bypass the signature verification step. This could lead to unauthorized access and potential data breaches. Stay safe and update your libraries! #Authlib #Python #OAuth #OpenIDConnect #OWASP #API2 #CryptographyFailure https://lnkd.in/gYJQnJkV
Authlib OAuth Vulnerability: Update Required
More Relevant Posts
🚨 High risk vulnerability in Authlib! CVE-2026-28802 allows attackers to bypass signature verification by setting `alg: none` and a blank signature. This issue points out the importance of API security. It's been patched in version 1.6.7, so update ASAP! #Authlib #Python #OAuth #OpenIDConnect #APISecurity #OWASP #CVE202628802 🛡️ https://lnkd.in/g7YS_ka9
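The `alg: none` bypass described in the post above is the textbook case for a fail-closed token verifier. What follows is an added example, not Authlib's code and not the CVE-2026-28802 fix: a stdlib-only HS256 verifier that enforces an explicit algorithm allowlist and rejects an empty signature segment before it trusts any claim. The key, the claims, the `ALLOWED_ALGS` set and the unsigned test vector are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json

# Explicit algorithm allowlist (constructed for this example). "none" is never a
# member: an unsigned token must fail closed regardless of what its header claims.
ALLOWED_ALGS = frozenset({"HS256"})


class InvalidToken(Exception):
    """Raised whenever a token fails any structural or cryptographic check."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs256_token(claims: dict, key: bytes) -> str:
    """Issuer side: build a properly signed HS256 token."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def make_unsigned_token(claims: dict) -> str:
    """Constructed test vector with an 'alg: none' header and an empty signature
    segment, the token shape the post describes. Used only to exercise the verifier."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def verify_token(token: str, key: bytes) -> dict:
    """Fail-closed verifier: 'alg' must be in ALLOWED_ALGS, the signature segment
    must be non-empty, and the HMAC must match before any claim is returned."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise InvalidToken("malformed header") from exc
    if not isinstance(header, dict):
        raise InvalidToken("header is not a JSON object")
    alg = header.get("alg")
    if alg not in ALLOWED_ALGS:
        # Rejects "none", "None", a missing alg, and anything the server never chose.
        raise InvalidToken(f"algorithm {alg!r} not allowed")
    if not sig_b64:
        raise InvalidToken("empty signature")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise InvalidToken("signature mismatch")
    return json.loads(_b64url_decode(payload_b64))


def is_accepted(token: str, key: bytes) -> bool:
    """Boolean view of the verdict, convenient for logging and tests."""
    try:
        verify_token(token, key)
        return True
    except InvalidToken:
        return False


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed; never hard-code real keys
    good = make_hs256_token({"sub": "alice", "role": "user"}, demo_key)
    forged = make_unsigned_token({"sub": "alice", "role": "admin"})
    print("signed token accepted:  ", is_accepted(good, demo_key))
    print("alg=none token accepted:", is_accepted(forged, demo_key))
```

The order of checks matters: the algorithm allowlist is consulted before the signature is even looked at, so a header that names `none` (or any algorithm the server did not choose) is rejected without the verifier ever reaching a code path that might treat an empty signature as valid.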
🚨 Telnyx Python SDK compromised. TeamPCP's 5th supply chain attack in 9 days. PyPI versions 4.87.1 and 4.87.2 hide payloads inside valid WAV audio files. Our AI threat agent detected it this morning. We wrote up the technical breakdown. If you run Telnyx, check your version now. Full writeup here: https://lnkd.in/dZ6C3hFm #SupplyChainSecurity #InfoSec #PyPI #Python #DevSecOps #AppSec #ThreatIntel, #AISecurity, #CISO
⚠️ Medium Risk Vulnerability Alert! The Claude SDK for Python has a memory tool path validation race condition that allows sandbox escape. This issue is related to API security and can lead to unrestricted resource consumption. It's been patched in version 0.87.0. Stay safe and keep your systems updated! #ClaudeSDK #Python #APIsecurity #OWASP #CVE2026-34452 https://lnkd.in/g26q6ZAn
🚨Medium Risk Vulnerability🚨 in Claude SDK for Python! A security misconfiguration (CVE-2026-34450) could allow local attackers to read or modify memory files, potentially influencing model behavior. This highlights the importance of #APISecurity. The issue has been patched in version 0.87.0, so please update if you're using this SDK. #ClaudeSDK #Python #OWASP #SecurityMisconfiguration https://lnkd.in/g6dJ-sea
Good morning. Another supply chain attack: If you use the Telnyx Python SDK, make sure you’re not on 4.87.1 or 4.87.2. Both are compromised.
🚨 TeamPCP compromised the Telnyx #Python SDK on PyPI. Malicious versions 4.87.1 and 4.87.2 steal credentials. Full analysis → https://lnkd.in/em9Zf5st
🚨 TeamPCP compromises another open source project

What happened: Versions 4.87.1 and 4.87.2 of the telnyx Python SDK on PyPI were compromised by TeamPCP with credential-stealing malware. PyPI has quarantined both versions. Users should pin to 4.87.0.

How it works: Three-stage attack chain. Malicious code injected into _client.py (the core HTTP client), so it fires at import telnyx – not via postinstall hooks, which are heavily monitored. Dual OS-specific paths: Windows gets a persistent binary dropped in the Startup folder disguised as msbuild.exe; Linux/macOS gets a one-shot fileless harvester that exfiltrates credentials and self-destructs.

Notable tradecraft:
- Audio steganography for payload delivery – second-stage harvester hidden in WAV files downloaded from C2, extracted via base64 + XOR
- Fileless execution on Linux – harvester runs via stdin pipe to a child Python process, never touches disk
- Hybrid encryption on exfil – AES-256-CBC with RSA-4096 wrapped session keys using OAEP padding. Data is unrecoverable without the attacker’s private key
- No new dependencies added – uses only stdlib modules and system openssl/curl

Operational details: The attacker shipped a bugfix release (4.87.2) solely to fix a case-sensitivity typo that broke the Windows path. This confirms sustained access to publishing credentials and an active testing pipeline. Neither malicious version has corresponding commits in the official GitHub repo. C2: 83.142.209.203:8080, plain HTTP, telephony-themed filenames (ringtone.wav, hangup.wav).

Action items: Rotate all credentials from any environment that imported these versions. Block the C2 IP. Check Windows Startup folders. Purge from internal mirrors.
TeamPCP again... is this going to be a daily thing? It looks like the Socket team was on this very quickly, which limited the compromise window, but if TeamPCP did get credentials out of this, it gives them access to perform automated phone calls (vishing) and SMS campaigns at (AI) scale. The gift just keeps on giving.... They're getting pretty crafty in terms of hiding their malware. Not exactly new/ground-breaking, but clever, and existing defenses don't easily spot this sort of thing.

Audio Steganographic Payload Delivery

Rather than embedding the second-stage harvester directly in the package (which would be trivially flagged by static analysis tools and PyPI's malware scanners), the threat actor employs audio steganography as a retrieval mechanism. The script downloads ringtone.wav. The choice of a .wav file is not arbitrary. WAV is a raw, uncompressed audio format whose frame data is essentially an opaque byte stream. Unlike MP3 or OGG, WAV frames undergo no lossy compression that would corrupt embedded data. And unlike executable or archive formats, audio files are unlikely to trigger content-type-based network inspection or endpoint detection rules. To a network monitor or a proxy log, the download appears to be a benign audio file fetch.
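The WAV delivery channel described in the two posts above (the TeamPCP breakdown and the steganography discussion) evades content-type checks, but it does not survive content inspection. The following is an added example, not code from either post or from the linked analyses: a stdlib-only Python check that parses the RIFF chunk list of a downloaded .wav, measures how much of the data chunk is confined to the base64 alphabet (a hint that the "audio" is really encoded text, as the posts describe), and flags bytes appended after the declared end of the RIFF structure. The three sample files, the thresholds and the base64 heuristic are constructed for illustration, and the code decodes nothing; it only scores what a proxy or endpoint scanner could score before handing the file on.

```python
import base64
import io
import math
import struct
import wave
from collections import Counter

# The 64 base64 symbols plus '=' padding; constructed heuristic, not a signature.
BASE64_BYTES = frozenset(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for random or compressed data, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def base64_ratio(data: bytes) -> float:
    """Fraction of bytes that fall inside the base64 alphabet."""
    if not data:
        return 0.0
    return sum(1 for b in data if b in BASE64_BYTES) / len(data)


def inspect_wav(blob: bytes) -> dict:
    """Walk the RIFF chunks and score the 'data' chunk.

    Returns declared end offset, trailing byte count, entropy, base64 ratio and a
    'suspicious' verdict. Thresholds are constructed for this example.
    """
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    riff_size = struct.unpack_from("<I", blob, 4)[0]
    declared_end = 8 + riff_size  # RIFF size excludes the 8-byte 'RIFF' + size prefix
    chunks = {}
    pos = 12
    while pos + 8 <= min(declared_end, len(blob)):
        cid = blob[pos:pos + 4]
        csize = struct.unpack_from("<I", blob, pos + 4)[0]
        start = pos + 8
        chunks[cid] = blob[start:start + csize]
        pos = start + csize + (csize & 1)  # chunk bodies are padded to even length
    if b"data" not in chunks:
        raise ValueError("no data chunk")
    pcm = chunks[b"data"]
    ratio = base64_ratio(pcm)
    trailing = max(0, len(blob) - declared_end)
    return {
        "declared_end": declared_end,
        "trailing_bytes": trailing,
        "entropy": shannon_entropy(pcm),
        "base64_ratio": ratio,
        # Real PCM audio does not confine itself to a 65-byte alphabet, and a
        # well-formed file has nothing after the RIFF structure ends.
        "suspicious": ratio > 0.9 or trailing > 0,
    }


def build_wav(frames: bytes) -> bytes:
    """Wrap mono 16-bit 8 kHz PCM frames in an in-memory WAV container."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(8000)
        w.writeframes(frames)
    return buf.getvalue()


def sine_frames(n: int = 8000, freq: float = 440.0, rate: int = 8000) -> bytes:
    """Constructed 'genuine audio': one second of a 440 Hz tone at half amplitude."""
    return b"".join(
        struct.pack("<h", int(16000 * math.sin(2 * math.pi * freq * i / rate)))
        for i in range(n)
    )


# Constructed samples: a plain tone, a file whose data chunk is really base64 text,
# and a plain tone with extra bytes appended after the RIFF structure.
CLEAN_WAV = build_wav(sine_frames())
STEG_WAV = build_wav(base64.b64encode(b"constructed placeholder, not a real payload " * 64))
TRAILER_WAV = build_wav(sine_frames()) + b"constructed trailing bytes"

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN_WAV), ("base64-in-data", STEG_WAV), ("trailer", TRAILER_WAV)]:
        print(name, inspect_wav(blob))
```

Two caveats for anyone adapting this: a carrier that spreads the payload across low-order sample bits (true LSB steganography) will not trip the base64 heuristic, so the entropy figure and the chunk-walk are the parts worth keeping, and the practical control that does not depend on heuristics at all is the one the first post lists, blocking the C2 endpoint and treating unexpected media downloads from inside a package import as an alert in their own right.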
I've just published a small tool that gathers a few pieces of OSINT information about a domain or an IP address, named who-dis. This is a very early version of the tool, and I'll be working on expanding its capabilities. If you have a free API key from ipinfo.io, the tool can get you some IP geolocation information as well. As always, contributors are always welcome. https://lnkd.in/gXXCVZEE #osint #python #opensource
The Distribution of DNS records shows key aspects regarding the current state of the digital ecosystem in the Caribbean. For instance, the use of ccTLDs for international purposes could explain why countries with a less developed network infrastructure have more IPv6 records. #Digital #Python #DNS #Innovation #education #Tecnologia
So we've been seeing a lot of these kinds of vulns in auth libraries lately, which is why we made sure our review infrastructure has a super minimalist approach to auth — no unnecessary dependencies, and we're careful about what we let in via webhooks, especially since we're handling sensitive customer review data.