VERY IMPORTANT

TeamPCP has launched a supply chain attack targeting LiteLLM, an open-source Python library used in 36% of cloud environments. Malicious versions 1.82.7 and 1.82.8 were published on PyPI, employing sophisticated techniques for payload delivery and persistence. The compromised packages exploit Python's .pth mechanism for stealthy execution across any Python process. The malware collects sensitive data including API keys, cloud credentials, and CI/CD secrets, encrypting and exfiltrating them to attacker-controlled domains. This attack follows TeamPCP's previous compromises of Aqua Security's Trivy and Checkmarx tools, highlighting an ongoing campaign against the open-source ecosystem. The incident underscores the potential for widespread impact and the need for vigilance in software supply chain security.