LiteLLM Python package hit by network compromise linked to TeamPCP
Incident
Summary
Hide ▲
Show ▼
The LiteLLM Python package was compromised on PyPI after attackers published malicious 1.82.7 and 1.82.8 releases, putting downstream installs at risk of credential theft and persistence. The compromise is linked to TeamPCP, and the payload executes when the package is imported. The malware drops an infostealer that can harvest SSH keys, cloud tokens, Kubernetes secrets, and other sensitive data. Version 1.82.8 also adds a .pth file and a systemd service to widen execution and maintain access.
Related Happenings
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
Campaign
First: 12.05.2026 14:29
Last: 12.05.2026 14:29
Sources 1
About this happening:
The **Shai-Hulud** **supply-chain campaign** remains active across **npm**, **PyPI**, and **Composer**, with the latest reporting tying **TeamPCP** to both a claimed **GitHub inte...
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
CampaignAbout this happening: The **Shai-Hulud** **supply-chain campaign** remains active across **npm**, **PyPI**, and **Composer**, with the latest reporting tying **TeamPCP** to both a claimed **GitHub inte...
PyTorch Lightning hit by network compromise
Incident
First: 04.05.2026 20:15
Last: 04.05.2026 20:15
Sources 1
About this happening:
A **malicious PyTorch Lightning release** on **PyPI** created a supply-chain compromise that can steal credentials as soon as the package is imported. The backdoored **version 2.6...
PyTorch Lightning hit by network compromise
IncidentAbout this happening: A **malicious PyTorch Lightning release** on **PyPI** created a supply-chain compromise that can steal credentials as soon as the package is imported. The backdoored **version 2.6...
Lightning PyPI router_runtime.js credential-stealing payload
Malware Activity
First: 30.04.2026 19:31
Last: 30.04.2026 19:31
Sources 1
About this happening:
The **Lightning** PyPI package was pushed in **malicious versions 2.6.2 and 2.6.3** on **April 30, 2026**, turning a normal install into **credential theft** for **developer and C...
Lightning PyPI router_runtime.js credential-stealing payload
Malware ActivityAbout this happening: The **Lightning** PyPI package was pushed in **malicious versions 2.6.2 and 2.6.3** on **April 30, 2026**, turning a normal install into **credential theft** for **developer and C...
Latest development: 04.05.2026 20:15
Microsoft Threat Intelligence says Defender detected and prevented the malicious `lightning==2.6.3` routine in customer environments, notified the Lightning maintainer, and warned that users who ran `import lightning` may need to rotate exposed secrets, keys, and tokens.
Mini Shai-Hulud SAP-related npm supply-chain campaign
Campaign
First: 29.04.2026 19:26
Last: 29.04.2026 19:26
Sources 1
About this happening:
A new **Mini Shai-Hulud** supply-chain campaign is targeting **SAP-related npm packages**, putting **developer and CI/CD environments** at risk of credential theft and malicious p...
Mini Shai-Hulud SAP-related npm supply-chain campaign
CampaignAbout this happening: A new **Mini Shai-Hulud** supply-chain campaign is targeting **SAP-related npm packages**, putting **developer and CI/CD environments** at risk of credential theft and malicious p...
Latest development: 12.05.2026 11:50
Mini Shai-Hulud expands beyond the original SAP-related npm packages to compromise TanStack, UiPath, Mistral AI, OpenSearch, Guardrails AI, and DraftLab packages across npm and PyPI, with malicious payloads using router_init.js, GitHub Actions abuse, and exfiltration to filev2.getsession[.]org, api.masscan[.]cloud, or attacker-controlled GitHub repositories.
Malicious npm packages @automagik/genie and pgserve self-propagating malware
Malware Activity
First: 24.04.2026 11:10
Last: 24.04.2026 11:10
Sources 1
About this happening:
**Malicious npm packages** are distributing **credential-stealing malware** that runs during installation and **self-propagates** across developer ecosystems, raising supply-chain...
Malicious npm packages @automagik/genie and pgserve self-propagating malware
Malware ActivityAbout this happening: **Malicious npm packages** are distributing **credential-stealing malware** that runs during installation and **self-propagates** across developer ecosystems, raising supply-chain...
Timeline
-
25.03.2026 00:29 2 articles · 2mo ago
Malicious LiteLLM releases deploy import-time infostealer
Technical Analysis UpdateThreat actors compromised the LiteLLM project on PyPI and published malicious versions 1.82.7 and 1.82.8 that execute a hidden base64 payload when litellm/proxy/proxy_server.py is imported. Version 1.82.8 also drops litellm_init.pth so the code can run when Python starts, and the payload installs TeamPCP Cloud Stealer, a persistence script, and a systemd user service that supports encrypted exfiltration to models.litellm[.]cloud.
Show sources
- Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack — www.bleepingcomputer.com — 25.03.2026 00:29
- How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers — thehackernews.com — 06.04.2026 14:45
-
25.03.2026 00:29 1 articles · 2mo ago
TeamPCP-linked LiteLLM PyPI compromise publicly disclosed
Initial DisclosureTeamPCP is linked to the LiteLLM PyPI compromise and to the earlier Aqua Security Trivy vulnerability scanner breach, with cascading compromises reaching Aqua Security Docker images, Checkmarx KICS project, and LiteLLM. The attack was claimed to have stolen data from hundreds of thousands of devices, and exposed credentials were urged to be rotated immediately.
Show sources
- Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack — www.bleepingcomputer.com — 25.03.2026 00:29