{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibxeuplkbo5mu7lr6smdlndxc5kfczbbzw3zwglv272rpy76py4ti",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mhtiodarrxj2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreidujpachj6ub3gvx4k7cjr2izbkatgods5pbfsbcj6wrr376iguiq"
    },
    "mimeType": "image/jpeg",
    "size": 104411
  },
  "path": "/2026/03/teampcp-backdoors-litellm-versions.html",
  "publishedAt": "2026-03-24T18:21:00.000Z",
  "site": "https://thehackernews.com",
  "textContent": "TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor.\nMultiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on",
  "title": "TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise"
}