LiteLLM Package Suffers Malicious PyPI Supply-Chain Compromise
Security researchers reported on March 25, 2026 that the popular Python package LiteLLM was compromised on PyPI, with malicious code injected into versions 1.82.7 and 1.82.8 by threat actor TeamPCP. The library, used to route requests across LLM providers and claiming over 95 million monthly downloads, represents a high-impact supply-chain breach requiring immediate mitigation and audits.
Key Points
- 1Injects malicious code into LiteLLM v1.82.7 and v1.82.8 on PyPI, attributed to TeamPCP.
- 2Targets a widely used package with over 95 million monthly downloads, expanding potential attacker reach.
- 3Requires immediate revocation, dependency audits, and incident response from developers and downstream projects.
Scoring Rationale
High urgency and widespread exposure drive score; limited corroboration outside single security outlet reduces certainty.
Sources
Public references used for this report.
Practice with real Logistics & Shipping data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Logistics & Shipping problems
