Yesterday, a threat actor compromised 2 versions of the LiteLLM Python package (40k stars, 3M+ weekly downloads). The malicious versions had 120k downloads before being taken down.
Full write-up: securitylabs.datadoghq.com/articles/lit...
Timeline (h/t @ramimac.me): ramimac.me/trivy-teampcp/
Christophe Tafani-Dereeper
LiteLLM compromised on PyPI: Tracing the March 2026 TeamPCP supply chain campaign