Published 6 days ago • loading... • Updated 5 days ago

Top LLM PyPl Package Compromised to Steal User Details - Here's What We Know

Threat actors compromised the popular LiteLLM Python package on PyPI, publishing malicious versions 1.82.7 and 1.82.8 today that deploy an infostealer harvesting sensitive data.
The TeamPCP hacking group, responsible for the recent high-profile breach of the Trivy scanner, claimed responsibility for attacks targeting the package with over 3.4 million daily downloads.
Analysis by BleepingComputer reveals the "TeamPCP Cloud Stealer" harvests SSH keys and cloud tokens, while installing a persistent systemd backdoor disguised as a "System Telemetry Service."
PyPI removed the malicious versions, with version 1.82.6 now the latest clean release; security researchers advise organizations to rotate all credentials and secrets on impacted devices.
Researchers warn attackers frequently exploit credentials from previous breaches; organizations should monitor Kubernetes clusters for unauthorized pods and suspicious outbound traffic to prevent cascading attacks.

Insights by Ground AI

Podcasts & Opinions

Podcast Mention

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Daily Cyber Security podcast

SANS Stormcast Thursday, March 26th, 2026: Apple Patches; SmatApeSG Update; Trivy/LiteLLM/TeamPCP Update; Google Accelerates Quantum Save Crypto Rollout

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) discuss TeamPCP’s LiteLLM/Trivy supply-chain compromise and mitigation steps like SHA pinning and rapid credential rotation

5 days ago

Listen to Full Episode Full Episode Unlock Timestamp

Get Vantage — Podcasts, Ratings, Timestamps

Podcasts & Opinions

24 Articles

TechCrunch

Center

Delve did the security compliance on LiteLLM, an AI project hit by malware

LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware.

5 days ago·United States

Read Full Article

Tech Radar

Center

Top LLM PyPl package compromised to steal user details - here's what we know

Aqua Security’s Trivy vulnerability scanner compromise is trickling down into a hugely popular Python package.

5 days ago·United Kingdom

Read Full Article

BleepingComputer

Center

Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular

6 days ago

Read Full Article

Vogon Today

The Silent Code Breach: How TeamPCP Compromised the Global Software Supply Chain - Economic Scenarios

In today's software development world, craftsmanship is a thing of the past: no one writes all the code from scratch anymore. Instead, we rely on

5 days ago

Read Full Article

Security Boulevard

How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack

Learn how to detect compromise, assess your exposure to the LiteLLM supply chain attack, and use GitGuardian to orchestrate rapid incident response and secret remediation. The post How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack appeared first on Security Boulevard.

5 days ago

Read Full Article

The Record by Recorded Future

Supply chain attack hits widely-used AI package, risks impacting thousands of companies

The incident highlights growing concerns over the security of the open-source software supply chain, where widely-used tools maintained by small teams can provide a gateway into thousands of organizations if compromised.

5 days ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year