A hacker group just compromised one of the most widely used security scanners in the world, and used it to steal half a million credentials from companies that trusted it to keep them safe.
On March 19, a threat actor group called TeamPCP injected credential-stealing malware into Trivy, a popular open-source vulnerability scanner maintained by Aqua Security. Trivy is used by thousands of companies to scan their code and infrastructure for security flaws. The attackers compromised 75 GitHub Action tags, the Trivy Docker images, and related CI/CD pipelines, meaning every company running automated security scans through Trivy was unknowingly executing the attackers' code.
The malware harvested SSH keys, cloud credentials, Kubernetes secrets, cryptocurrency wallets, and .env files from every environment it touched. The stolen data was encrypted and exfiltrated to attacker-controlled servers.
But the attack didn't stop there. Using credentials stolen from Trivy's CI/CD pipeline, TeamPCP then backdoored LiteLLM, a widely used Python framework for managing AI model APIs. Two malicious versions (1.82.7 and 1.82.8) were pushed to PyPI, the main Python package repository. The second version was designed to execute automatically on every Python process startup in the environment, no user interaction required. From there, it deployed privileged pods across entire Kubernetes clusters and installed persistent backdoors on every node.
The attackers also pushed compromised Docker images of Trivy (versions 0.69.4, 0.69.5, 0.69.6) to Docker Hub and compromised dozens of npm packages with a self-spreading worm called CanisterWorm. They even defaced 44 internal Aqua Security repositories in a scripted 2-minute burst, renaming them all with "TeamPCP Owns Aqua Security."
According to the International Cyber Digest, which is in direct contact with the attackers, TeamPCP claims to have exfiltrated 300 GB of compressed credentials and is actively working through them. The LiteLLM compromise alone reportedly yielded half a million stolen credentials. The group says it is currently extorting several multi-billion-dollar companies.
Each compromised environment yielded credentials that unlocked the next target. The pivot from CI/CD pipelines to production Python packages running in Kubernetes clusters was deliberate escalation. Security researchers say this campaign is "almost certainly not over."
This is what a modern supply chain attack looks like. The tools companies trust to secure their infrastructure become the attack vector. The irony is brutal, the security scanner was the vulnerability.
🚨‼️ We're in contact with the actor behind the Trivy and LiteLLM hack. They told us they are currently extorting several multi-billion-dollar companies from which they've exfiltrated data.
They've obtained 300 GB of compressed credentials and are working their way through them as we speak.
The LiteLLM compromise alone led to half a million stolen credentials, according to the threat actor.
Their message to the world: "TeamPCP is here to stay. Long live the supply chain."
They've sent us their new logo (see image) and also teamed up with several threat actors, including Xploiters and Vect.
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below
@svembu Disappointed with ux. Give some time to ux, listen to someone who has sense of it.
There is a reason people hate Microsoft teams even for enterprise use .
British man: "They are taking all our jobs."
Interviewer: "What qualifications do you have?"
British man: "None. They are taking all our qualifications as well."
When China builds, you say it stole.
When China sells, you say it cheats.
When China grows, you say it threatens.
But when you bomb, you say it liberates.
When you sanction, you say it protects.
When you steal, you say it secures.
The real theft isn’t China’s technology.
It’s America’s vocabulary.
BIG NEWS 🚨 Salman Khan trolls Donald Trump on Bigg Boss 19 set 🤯😂
UNPRECEDENTED 😅
He said "Ye kya ho raha hai poori duniya me. Jo sabse zyada trouble phaila rahe hain, unhi ko peace prize chahiye"
"In this world, the ones causing the most trouble are the ones who want the
@China_Amb_India I share the same line of thought. India and China have always been peace loving countries, except minor skirmishes. People need to think for themselves, free from the western propagandas.
3K Followers 2K FollowingFounder & CEO @cranlcom — The best way to deploy your projects, databases, AI agents to the cloud | Software Engineer. Need help? send DM.
593K Followers 54K FollowingSan Francisco/Silicon Valley AI | Robots, holodecks, BCIs, analysis of new things | Ex-Microsoft, Rackspace, Fast Company | Wrote eight books about the future.
112 Followers 289 Following🎥 Digital Creator | Building dreams one step at a time 💼
🎧 Music head | 📰 News watcher | ⚽ Sports junkie | 🎮 Game on
#WomenInTech #GoalDigger #StayCurious
6K Followers 7K Following🇪🇺 CTO. Builder.
Rusty AI agents. Category theory without the fog machine. If you build typed agents, tiny ML or evals, DM me your weirdest bug.
32K Followers 33K FollowingTruth, Beauty, Poetry, and Music from The Frontier Man, an American poet, writer, and musician. New album Love Is All (18 love songs) is out now! Link below
25 Followers 102 FollowingBig 💡 ≠ big $. I test real business concepts in days—not months—using $0 tools. If you’d rather launch than dream, follow me. 20Apps_'25
181 Followers 5K FollowingAI Generative builder, former Head of Product turned Solo entrepreneur paving the way for sustainable fintech and climate tech at Yello ☀️ ⚡️#StartupsRock
304 Followers 7K FollowingTG: @Evan_Marlowe
Master Your Mind
Dark Psychology & Power
Gym | Discipline | Growth
XFitness is my lifestyle
Train Repeat
DM for paid promotion
1K Followers 7K FollowingFull Stack Dev ,Cyber security , networking ,Mobile Apps,SEO,Crypto , Software Website design company . Idea into a business 💡. https://t.co/vHFml2zZXb
6K Followers 5K FollowingHelping solopreneurs create profitable online courses faster with AI and no-code solutions. I’ll help you simplify the process, and focus on delivering value.
4K Followers 3K FollowingPassionate about sharing Health tips 🥗🔔 motivation, content creation, and helping others Monetize their passions on X Dm for Paid Collab
2K Followers 5K FollowingŞimdilik putu sensin tapılan menfaatin!
Hey kukla kafalı adam dinle sözümü tut
Bunların dilinde Hak; ama kalbi dolu put!
Mehmed Âkif Ersoy
8K Followers 7K FollowingEntrepreneur | Digital Marketer | Content Creator | Sharing sports takes, life lessons, and a few political thoughts along the way.
221 Followers 484 Followingco-founder @ @lovon_app AI therapy, 5000+ hours of AI therapy delivered. ex co-founder of MUBR app, exit after 3M users bootstrapped
634K Followers 3K FollowingFather of two amazing boys, husband. Retired Green Beret combat veteran, Gold Star husband. Former Director of the National Counterterrorism Center.
2.4M Followers 2K FollowingOpen Source Intelligence Monitor focused on Europe and Conflicts across the World. RT ≠ Endorsement. Want to Support my Work? https://t.co/PcUbewvWPr
3K Followers 4K FollowingOffrir à ma famille sa propre maison 🏠 Jour 279
🤖https://t.co/MVQcs5DBqf 0€ 📸https://t.co/GcWmfaULH0 50€🤫 https://t.co/xd3cKVUs5Y 940€ 💻 https://t.co/vIE4oDnVvi 350€ 🦾 https://t.co/9urtGS52Lx 200€
593K Followers 54K FollowingSan Francisco/Silicon Valley AI | Robots, holodecks, BCIs, analysis of new things | Ex-Microsoft, Rackspace, Fast Company | Wrote eight books about the future.
161K Followers 8K FollowingColumnist, blogger, podcaster. Neither Left nor Right. Less ideology, more facts. Host of Geopolitics Demystified: https://t.co/BBwFJ9L0hs
97K Followers 20K FollowingAn American Journalist in China, Published Author, Radio Show Host & Media Commentator. This is my personal account and all opinions are my own.
356K Followers 15K FollowingGreen politician. Diplomat. Peace negotiater. Adviser to green business. Inspirational speaker on environment and development, peace and geopolitics..
118K Followers 125 FollowingChinese Ambassador to India
Spokesperson of Chinese Embassy in India @ChinaSpox_India
China Embassy FB:https://t.co/QSCYux2DIX
112 Followers 289 Following🎥 Digital Creator | Building dreams one step at a time 💼
🎧 Music head | 📰 News watcher | ⚽ Sports junkie | 🎮 Game on
#WomenInTech #GoalDigger #StayCurious
6K Followers 7K Following🇪🇺 CTO. Builder.
Rusty AI agents. Category theory without the fog machine. If you build typed agents, tiny ML or evals, DM me your weirdest bug.
294K Followers 5K FollowingCloudflare is the world’s leading #ConnectivityCloud, and we have our eyes set on an ambitious goal — to help build a #BetterInternet.
32K Followers 33K FollowingTruth, Beauty, Poetry, and Music from The Frontier Man, an American poet, writer, and musician. New album Love Is All (18 love songs) is out now! Link below
35K Followers 38K FollowingTech VC and entrepreneur. Curious. Investing and building in AI. Built companies in media and tech. Founder @frontiervc. Learned things @Harvard, @Stanford
21K Followers 11K FollowingHyperstition maxi | AI dev | Bootstrapping agentic video @NoSpoonStudios | Situation Monitoring @COPYOVERAPP | Community @Pokee_AI | SpaceXAI + @Imagine Stan
50K Followers 8K FollowingAI Keynote Speaker | Creator of the Digital Crew System 💫 Helping teams clear Admin Drag with governed AI agents | Host, The AI Hat Podcast