> TritonInfoSec News
Home / Mar 25, 2026 / Story
0
#1 BleepingComputer general March 24, 2026 at 22:29 UTC

Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack

By Lawrence Abrams

AI Summary

TeamPCP hackers compromised the popular LiteLLM Python package on PyPI, pushing malicious versions 1.82.7 and 1.82.8 containing credential harvesters and Kubernetes lateral movement toolkits. This supply chain attack affects hundreds of thousands of devices and follows the group's recent compromises of Trivy and Checkmarx KICS security tools.

Read full article → https://www.bleepingcomputer.com/news/security/pop…

Relevance score: 95.0/100

# More from March 25

  1. 2
    PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug BleepingComputer
  2. 3
    DarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses CyberScoop
  3. 4
    Stryker says malware was involved in recent cyberattack as production lines reopen The Record
  4. 5
    FCC bans new routers made outside the USA over security risks BleepingComputer
  5. 6
    Russian access broker sentenced to over 6 years in prison for ransomware schemes CyberScoop
  6. 7
    Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks The Hacker News
  7. 8
    Extortion Group Claims It Hacked AstraZeneca SecurityWeek
  8. 9
    Infinite Campus warns of breach after ShinyHunters claims data theft BleepingComputer
  9. 10
    3.1 Million Impacted by QualDerm Data Breach SecurityWeek