> TritonInfoSec News
Home / Mar 26, 2026 / Story
0
#8 The Hacker News general March 24, 2026 at 18:21 UTC

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

By [email protected] (The Hacker News)

AI Summary

TeamPCP threat actors compromised the popular Python package litellm, publishing malicious versions 1.82.7 and 1.82.8 containing credential harvesters, Kubernetes lateral movement toolkits, and persistent backdoors. This supply chain attack follows their previous compromises of Trivy and KICS security tools, indicating an ongoing campaign targeting developer infrastructure.

Read full article → https://thehackernews.com/2026/03/teampcp-backdoor…

Relevance score: 76.0/100

# More from March 26

  1. 1
    PolyShell attacks target 56% of all vulnerable Magento stores BleepingComputer
  2. 2
    New Torg Grabber infostealer malware targets 728 crypto wallets BleepingComputer
  3. 3
    Bubble AI app builder abused to steal Microsoft account credentials BleepingComputer
  4. 4
    Citrix urges admins to patch NetScaler flaws as soon as possible BleepingComputer
  5. 5
    GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data The Hacker News
  6. 6
    Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse The Hacker News
  7. 7
    FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns The Hacker News
  8. 9
    Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks The Hacker News
  9. 10
    LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace The Hacker News