LiteLLM Python package hit by network compromise linked to TeamPCP
Incident
Summary
Hide ▲
Show ▼
The LiteLLM Python package was compromised on PyPI after attackers published malicious 1.82.7 and 1.82.8 releases, putting downstream installs at risk of credential theft and persistence. The compromise is linked to TeamPCP, and the payload executes when the package is imported. The malware drops an infostealer that can harvest SSH keys, cloud tokens, Kubernetes secrets, and other sensitive data. Version 1.82.8 also adds a .pth file and a systemd service to widen execution and maintain access.
Related Happenings
Operation Navy Ghost PyPI supply-chain campaign
Campaign
H score26
First: 01.07.2026 00:02
Last: 01.07.2026 00:02
Sources 1
About this happening:
The **Operation Navy Ghost** campaign has targeted **Python developers** building **Telegram bots** through trojanized **Pyrogram forks**, creating a supply-chain path to compromi...
Operation Navy Ghost PyPI supply-chain campaign
CampaignAbout this happening: The **Operation Navy Ghost** campaign has targeted **Python developers** building **Telegram bots** through trojanized **Pyrogram forks**, creating a supply-chain path to compromi...
Hades Bun-powered JavaScript stealer on PyPI
Malware Activity
H score34
First: 09.06.2026 12:13
Last: 09.06.2026 12:13
Sources 1
About this happening:
A new **Hades** PyPI malware wave uses a **Python startup hook** to launch a **Bun-powered JavaScript stealer**, putting developer and CI/CD credentials at risk. The payload can h...
Hades Bun-powered JavaScript stealer on PyPI
Malware ActivityAbout this happening: A new **Hades** PyPI malware wave uses a **Python startup hook** to launch a **Bun-powered JavaScript stealer**, putting developer and CI/CD credentials at risk. The payload can h...
BerriAI LiteLLM actively exploited command injection (CVE-2026-42271)
Vulnerability
H score51
First: 09.06.2026 09:26
Last: 09.06.2026 09:26
Sources 1
About this happening:
**CVE-2026-42271** in **BerriAI LiteLLM** was added to CISA's **KEV catalog** after evidence of **active exploitation**, creating remote command-execution risk for affected proxy...
BerriAI LiteLLM actively exploited command injection (CVE-2026-42271)
VulnerabilityAbout this happening: **CVE-2026-42271** in **BerriAI LiteLLM** was added to CISA's **KEV catalog** after evidence of **active exploitation**, creating remote command-execution risk for affected proxy...
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
Campaign
H score56
First: 12.05.2026 14:29
Last: 12.05.2026 14:29
Sources 1
About this happening:
The **Shai-Hulud** **supply-chain campaign** now includes a fresh **PyPI** wave that compromised **19 packages** across **37 malicious releases**, with popular bioinformatics tool...
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
CampaignAbout this happening: The **Shai-Hulud** **supply-chain campaign** now includes a fresh **PyPI** wave that compromised **19 packages** across **37 malicious releases**, with popular bioinformatics tool...
PyTorch Lightning hit by network compromise
Incident
H score36
First: 04.05.2026 20:15
Last: 04.05.2026 20:15
Sources 1
About this happening:
A **malicious PyTorch Lightning release** on **PyPI** created a supply-chain compromise that can steal credentials as soon as the package is imported. The backdoored **version 2.6...
PyTorch Lightning hit by network compromise
IncidentAbout this happening: A **malicious PyTorch Lightning release** on **PyPI** created a supply-chain compromise that can steal credentials as soon as the package is imported. The backdoored **version 2.6...
Timeline
-
25.03.2026 00:29 2 articles · 3mo ago
Malicious LiteLLM releases deploy import-time infostealer
Technical Analysis UpdateThreat actors compromised the LiteLLM project on PyPI and published malicious versions 1.82.7 and 1.82.8 that execute a hidden base64 payload when litellm/proxy/proxy_server.py is imported. Version 1.82.8 also drops litellm_init.pth so the code can run when Python starts, and the payload installs TeamPCP Cloud Stealer, a persistence script, and a systemd user service that supports encrypted exfiltration to models.litellm[.]cloud.
Show sources
- Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack — www.bleepingcomputer.com — 25.03.2026 00:29
- How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers — thehackernews.com — 06.04.2026 14:45
-
25.03.2026 00:29 1 articles · 3mo ago
TeamPCP-linked LiteLLM PyPI compromise publicly disclosed
Initial DisclosureTeamPCP is linked to the LiteLLM PyPI compromise and to the earlier Aqua Security Trivy vulnerability scanner breach, with cascading compromises reaching Aqua Security Docker images, Checkmarx KICS project, and LiteLLM. The attack was claimed to have stolen data from hundreds of thousands of devices, and exposed credentials were urged to be rotated immediately.
Show sources
- Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack — www.bleepingcomputer.com — 25.03.2026 00:29