Credential‑Stealing Malware in LiteLLM Supply Chain Attack
Complete Cloud Security in Minutes – Orca Security
2026-03-25 21:01:15
收藏
Executive Summary A severe malware incident (no formal CVE yet, but tracked as a high‑risk supply chain compromise) was disclosed affecting the widely used Python package LiteLLM (PyPI). Attackers from the TeamPCP threat group trojanized LiteLLM by publishing malicious versions 1.82.7 and 1.82.8, allowing them to harvest credentials and deploy backdoors when the package is […]
The post Credential‑Stealing Malware in LiteLLM Supply Chain Attack appeared first on Orca Security.
目录
最新
- GenAI Risks in Cloud Environments: What Security Teams Are Actually Missing in 2026
- What Is Multi-Cloud Security?
- What Is Cloud Detection and Response (CDR)?
- Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow
- 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE
- Announcing Cloud Security Agent Skills for Orca’s MCP Server
- TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack
- Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root