Security News

Cybersecurity news aggregator

Severity: HIGH | Category: Attacks | Source: Help Net Security

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks

The TeamPCP group compromised PyPI-hosted LiteLLM packages (versions 1.82.7 and 1.82.8) by uploading malicious versions containing a credential stealer. Users of these specific compromised versions should immediately remove them and revert to a verified, clean version.

A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The group's latest victim is BerryAI’s popular LiteLLM library, a unified interface that makes it easier for apps to switch between various LLMs: on March 24, TeamPCP uploaded two compromised versions (1.82.7 and 1.82.8) to PyPI that included a credential stealer and a …
