TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
Python interface for LLMs infected with malware via polluted CI/CD pipeline Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected them with malicious credential-stealing code.…
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish malware. [...]
Unlike typical data-stealing malware, this attack tool targets data specific to corporate and cloud infrastructures in order to execute supply chain attacks.