A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The latest victim of the group is BerryAI’s popular LiteLLM library, a unified interface that makes it easier for apps to switch between various LLMs: on March 24, TeamPCP uploaded two compromised versions (1.82.7 and 1.82.8) on PyPI that included a credential stealer and a … More
The post LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks appeared first on Help Net Security.
