TeamPCP Compromises Trivy And LiteLLM Ecosystem

A targeted supply-chain attack by TeamPCP compromised Trivy, Checkmarx artifacts and LiteLLM packages during March 19–24, 2026, injecting malware into GitHub Actions, container images and PyPI packages. The campaign, assigned CVE-2026-33634 with a CVSS4B score of 9.4, reportedly exfiltrated SSH keys, cloud tokens and Kubernetes secrets, affecting more than 20,000 repositories and claiming hundreds of gigabytes and over 500,000 accounts. Organizations must pin versions, rotate credentials and perform threat hunting.
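
The pinning advice can be checked mechanically. This added example (not part of the original report) flags GitHub Actions `uses:` references that are not pinned to a full commit SHA or an image digest; the sample workflow and its action names are constructed placeholders.

```python
import re

# A full 40-hex commit SHA after '@' is the immutable form of an action ref.
SHA_REF = re.compile(r"^[0-9a-f]{40}$")
# Captures the value of a "uses:" key, stopping at quotes, whitespace or '#'.
USES_LINE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")

def classify(ref: str) -> str:
    """Return 'pinned', 'mutable' or 'local' for one `uses:` value."""
    if ref.startswith("./"):
        return "local"  # action stored in the same repository
    if ref.startswith("docker://"):
        # Container actions are immutable only when referenced by digest.
        return "pinned" if "@sha256:" in ref else "mutable"
    _, sep, version = ref.partition("@")
    if sep and SHA_REF.match(version):
        return "pinned"
    return "mutable"  # tag, branch or anything else that can be re-pointed

def unpinned_refs(workflow_text: str):
    """Return [(line_number, ref)] for every mutable action reference."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out steps are not executed
        m = USES_LINE.match(line)
        if m and classify(m.group(1)) == "mutable":
            findings.append((n, m.group(1)))
    return findings

# Constructed sample workflow; organisation and action names are placeholders.
SAMPLE = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout-action@v4
      - uses: example-org/scanner-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - name: image scan
        uses: docker://registry.example/scanner:latest
      - uses: ./.github/actions/local-step
      # - uses: example-org/old-action@main
"""

if __name__ == "__main__":
    for lineno, ref in unpinned_refs(SAMPLE):
        print(f"line {lineno}: {ref} is not pinned to a commit SHA or digest")
```

Run it over each file under `.github/workflows/` and treat any finding as a reference that a compromised upstream tag could silently redirect.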
Scoring Rationale
Broad, high-severity supply-chain compromise with CVE and widespread exposures; remediation remains complex, requiring coordinated rotation and auditing.
