Stolen Credentials From Trivy Breach Let Hackers Push Malware to PyPI. Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing developers to credential theft, persistent backdoors and lateral movement tools within hours of publication.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/litellm-hit-in-cascading-supply-chain-attack-a-31210
