TeamPCP backdoored LiteLLM on PyPI after the Trivy compromise

LiteLLM was hit by the growing TeamPCP supply chain campaign on March 24, 2026, when attackers published two malicious PyPI versions, 1.82.7 and 1.82.8. Berri AI, which maintains LiteLLM, confirmed the compromise and said it traced back to a compromised Trivy security scan dependency in its CI/CD path. The incident matters because the malicious packages […] The post TeamPCP backdoored LiteLLM on PyPI after the Trivy compromise appeared first on VPN Central.