Signal

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

Python interface for LLMs infected with malware via polluted CI/CD pipeline Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected...

rss

cso_online

Evidence locked

Today's free sample is only available for the edition's flagship signal.

Back Unlock Pro

Evidence preview

Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
CSO Online
TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise
Infosecurity Magazine
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
SecurityWeek
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks
Help Net Security
Guidance for detecting, investigating, and defending against the Trivy supply chain compromise
Microsoft Security Blog