First reported by Datadog
LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM
3mo agoen
Source
SnykHow a Poisoned Security Scanner Became the Key to Backdooring LiteLLMsnyk.ioOn March 24, 2026, threat actor known as TeamPCP published backdoored versions of the litellm Python package after stealing PyPI credentials via a compromised Trivy GitHub Action in LiteLLM's CI/CD pipeline. Here's what happened, how the three-stage malware works, and how to check if you're affected.
You might also wanna read
LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign
Datadog·3mo ago
Real-Time Investigation of LiteLLM 1.82.8 PyPI Supply Chain Attack on March 24, 2026
This article documents a real-time investigation and response to the LiteLLM 1.82.8 supply chain attack on March 24, 2026. It presents a min
Critical Security Alert: Malicious Credential-Stealing File Found in litellm 1.82.8 PyPI Package
The article reports a critical security vulnerability in the litellm==1.82.8 Python package on PyPI, which contains a malicious .pth file th
Security Alert: Litellm Versions 1.82.7 and 1.82.8 on PyPI Compromised - Sandboxing Limitations Discussed
The article discusses a security incident involving compromised versions of Litellm (1.82.7 and 1.82.8) on PyPI, highlighting the importance
CISA Adds Critical LiteLLM Vulnerability to Known Exploited Catalog, Mandates Federal Remediation by June 22
CISA has added CVE-2026-42271, a critical vulnerability affecting LiteLLM Model Context Protocol endpoints, to its Known Exploited Vulnerabi
Trivy Vulnerability Scanner Compromised in Supply Chain Attack That Harvested CI/CD Credentials
The article details a sophisticated supply chain attack on Aqua Security's Trivy vulnerability scanner in March 2026, where attackers inject

Comments
Sign in to join the conversation.
No comments yet. Be the first.