TeamPCP hijacks Trivy CI/CD to inject malicious LiteLLM builds
Security researchers discovered that the threat actor known as TeamPCP breached the Trivy CI/CD workflow that builds and publishes the Python package litellm. The attackers injected two malicious releases into PyPI, each containing a credential‑harvesting component and a toolkit for lateral movement inside Kubernetes clusters. The backdoored packages were pulled from the repository shortly after a coordinated disclosure to the maintainers.
Defenders should treat this as a stark reminder of the risks posed by supply‑chain attacks on build pipelines. Compromised CI/CD processes can silently distribute code that steals cloud credentials and enables cluster compromise, potentially affecting any downstream projects that depend on the tainted library. Continuous monitoring of third‑party packages, enforcing signed releases, and rapid incident response are essential to mitigate similar threats.
Categories: Threat Intelligence, Cloud & SaaS Security