VulnHub

Real-time Cybersecurity News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

The Hacker News
Actively Exploited
Malware

Overview

TeamPCP, a known threat actor, has compromised the popular Python package litellm by injecting malicious code into versions 1.82.7 and 1.82.8. This compromise was linked to earlier incidents involving the Trivy and KICS tools. The malicious versions contain a credential harvester, a toolkit for lateral movement within Kubernetes environments, and a persistent backdoor. Security companies like Endor Labs and JFrog have confirmed the issue, raising concerns for developers and organizations using this package. The presence of these backdoors could allow attackers to gain unauthorized access to sensitive information and systems, making it crucial for users to act quickly to protect their environments.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: litellm versions 1.82.7 and 1.82.8
  • Action Required: Users are advised to remove versions 1.
  • Timeline: Newly disclosed

Original Article Summary

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on

Impact

litellm versions 1.82.7 and 1.82.8

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users are advised to remove versions 1.82.7 and 1.82.8 of litellm immediately and upgrade to a safe version.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

DoE Publishes 5-Year Energy Security Plan

SecurityWeek

The U.S. Department of Energy (DoE) has launched a five-year initiative called Project Armor aimed at reinforcing the country’s critical energy infrastructure. This initiative focuses on enhancing energy systems to better withstand and recover from threats like wildfires and other environmental hazards. The plan is a proactive step to ensure that energy supplies remain stable and secure against potential disruptions. By investing in these improvements, the DoE aims to safeguard not just the energy sector but also the broader economy and public safety. The initiative reflects growing concerns about the vulnerabilities faced by energy systems in a changing climate and the need for resilient infrastructure.

Mar 24, 2026

Managing Cyber Risk as Financially Motivated Attacks Grow - Tony Anscombe - RSAC26 #2

SCM feed for Latest

In light of increasing financially motivated cyber attacks, cybersecurity expert Tony Anscombe emphasizes the need for businesses to reassess their risk management strategies. He points out that these attacks are becoming more sophisticated, targeting vulnerabilities in both technology and human behavior. Companies, especially in the finance sector, are urged to implement stronger security measures and employee training to combat these threats. Anscombe also highlights the importance of continuous monitoring and adapting to the evolving tactics of cybercriminals. This shift in approach is crucial for protecting sensitive financial data and maintaining customer trust.

Mar 24, 2026

Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw

SecurityWeek

The article discusses the evolution of agentic AI systems, which are moving from merely suggesting actions to taking independent actions within systems. This shift raises significant governance and security concerns, particularly as these AI platforms gain more access to critical systems. The case of OpenClaw serves as a cautionary tale, illustrating the potential risks of inadequate oversight. As these technologies become more autonomous, it is crucial for organizations and regulators to establish better frameworks for managing them. Without proper governance, the implications for security and accountability could be severe, affecting various sectors that rely on AI.

Mar 24, 2026

Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack

CyberScoop

Attackers have hacked Trivy, an open-source security tool, and released malicious versions of the software. This incident raises concerns as Mandiant warns that it could affect up to 10,000 downstream users who rely on Trivy for security assessments. The presence of compromised versions may lead to a significant rise in extortion attempts against these users. The situation emphasizes the risks associated with using open-source tools, particularly when they become targets for malicious actors. Organizations that use Trivy need to be vigilant and assess their security protocols to mitigate potential fallout.

Mar 24, 2026

Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector

SecurityWeek

In December 2025, Poland experienced a significant cyberattack that targeted its energy system, leading to widespread disruptions. The attack is believed to have originated from Russia, raising concerns about geopolitical tensions and the security of critical infrastructure. This incident is part of a broader surge in cyberattacks affecting Poland, indicating a troubling trend in cybersecurity threats faced by the nation. As a result, the energy sector, crucial for both public services and economic stability, is now at heightened risk. The implications of these attacks extend beyond immediate operational disruptions, as they could impact national security and public confidence in essential services.

Mar 24, 2026

Novel Iran-linked hacking group takes aim at Middle Eastern energy firms

SCM feed for Latest

A new hacking group known as Nasir Security, believed to be linked to Iran, has launched cyberattacks against various energy sector organizations in the Middle East. These attacks come amid rising geopolitical tensions, raising concerns about the security of critical energy infrastructure in the region. The targeted firms have not been specifically identified in the report, but the implications are significant, as energy companies are vital to national economies and security. Experts warn that such operations could disrupt energy supplies and have broader economic impacts, emphasizing the need for enhanced cybersecurity measures within this sector. Companies in the energy sector should be vigilant and bolster their defenses against potential threats from this group.

Mar 24, 2026