TeamPCP Compromises LiteLLM PyPI Packages Via Trivy Breach
.jpg)
On March 24, 2026, threat actor TeamPCP compromised the PyPI credentials of a LiteLLM maintainer and seeded trojanized package versions 1.82.7 and 1.82.8 into the repository, where they remained live for about three hours before PyPI quarantined them. LiteLLM — a multi-provider LLM interface with roughly 3.4 million daily installs — exposes many production environments, underscoring a critical open-source supply-chain risk.
Key Points
- 1Compromised LiteLLM PyPI packages 1.82.7 and 1.82.8 contained obfuscated payloads activated at import
- 2Exploited Trivy breach in CI/CD converted a security scanner into an attack vector for supply chain compromise
- 3Impacted ecosystems are large given LiteLLM’s 3.4M daily installs, enabling credential harvesting and persistent backdoors
Scoring Rationale
High novelty and industry-wide scope: trojanized LLM interface packages with automatic import execution and massive install base. Actionable for practitioners to revoke credentials and audit environments. Score reduced slightly for reliance on a single reporting source and limited technical disclosure, but timeliness and potential impact keep it high.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems