How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM | Snyk

snyk.io

On March 24, 2026, threat actor known as TeamPCP published backdoored versions of the litellm Python package after stealing PyPI credentials via a compromised Trivy GitHub Action in LiteLLM's CI/CD pipeline. Here's what happened, how the three-stage malware works, and how to check if you're affected.

4 pages link to this URL

Matt Mullenweg

Matt Mullenweg Matt Apr 7, 2026

Unlucky in Cards

0 inbound links website en Asides

Weekly Reflection #17 - Trust Chains

rojoroboto.com Mar 25, 2026

Each week, I share one insight. One piece of wisdom. One question to reflect on. (and a little Lagniappe) This week LiteLLM, the most popular open-source LLM…

0 inbound links article en

Matt Mullenweg

Matt Mullenweg Matt Apr 7, 2026

Unlucky in Cards

0 inbound links website en Asides

Silicon Valley's two biggest dramas have intersected: LiteLLM and Delve | TechCrunch

TechCrunch Julie Bort Mar 26, 2026

LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware.

1 inbound link article en StartupsSecurity Delvesecurity compliancemalware