Storyline
From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
Python interface for LLMs infected with malware via polluted CI/CD pipeline Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected...
Evidence locked
Today's free sample is only available for the edition's flagship storyline.
Evidence preview
- Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion waveCSO Online
- TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI CompromiseInfosecurity Magazine
- From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPISecurityWeek
- LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacksHelp Net Security
- Guidance for detecting, investigating, and defending against the Trivy supply chain compromiseMicrosoft Security Blog