GeistHaus

LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign | Datadog Security Labs

securitylabs.datadoghq.com

On March 24 and 27, 2026, malicious PyPI releases of LiteLLM and Telnyx were published as part of the TeamPCP supply chain campaign. We trace the full campaign from Trivy through npm, Checkmarx, and into PyPI.

3 pages link to this URL
Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer - SiliconANGLE
By Duncan Riley, SiliconANGLE. Tags: AI security, Anthropic, AWS, credential theft, cybersecurity, Datadog, Forcepoint, Google Cloud, infostealer, LiteLLM, Matias Madou, Microsoft Azure, OpenAI, Prashant Kumar, PyPI, Python, Secure Code Warrior, security, supply chain attack, TeamPCP, Telnyx, Trivy, X Labs.
How to Safely Update Your Dependencies

With all the supply chain attacks happening lately (litellm being the most recent example), keeping dependencies up to date without risk has been on my mind. Below is everything I do to keep my personal projects secure, what we do at Fencer to keep our own codebase secure, and what we recommend to the startups we work with.

Be hesitant about what you add

The best way to reduce the risk of installing a compromised dependency is to avoid relying on it in the first place. Before adding a new dependency, I first make sure that implementing it ourselves would be too much work (or tokens!).