Litellm

• LiteLLM Was in Your CI/CD Pipeline. So Was the Credential Stealer. March 25, 2026

  On March 24, 2026, LiteLLM versions 1.82.7 and 1.82.8 on PyPI were found to contain a credential-stealing payload planted by TeamPCP, the same group that compromised Trivy five days earlier. The attack is a direct downstream consequence of that breach: stolen CI/CD credentials, reused across targets.