Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
GIGAZINE

The AI library 'LiteLLM,' which has over 40,000 GitHub stars, was subjected to a supply chain attack, resulting in the distribution of a malware version. Users' SSH keys and ...

LiteLLM ' was subjected to a supply chain attack, and it has been discovered that a malware version containing malicious modifications was temporarily distributed. It has also been found that the ...
Inc

Malware in an Open-Source Project Could Have Infected Thousands. The Twist? It Was Certified by Delve

The compromise happened despite the fact that LiteLLM boasts two major compliance certifications. The provider? Embattled startup Delve. “Brought to you by Delve,” one Redditor snarked in the ...

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...
TechCrunch

Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project

Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open source project LiteLLM. The AI startup told TechCrunch on Tuesday that it ...
Bleeping Computer

Latest Authentication Tokens news

Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. The TeamPCP hacking group continues its supply-chain rampage, ...