Mercor Hit by LiteLLM Supply Chain Attack

Summary

AI recruiting firm Mercor was compromised through the LiteLLM supply chain attack, which resulted from a prior Trivy dependency compromise. Threat actors TeamPCP published malicious LiteLLM PyPI package versions (1.82.7 and 1.82.8) that were auto-downloaded by thousands of companies including Mercor. The Lapsus$ extortion group subsequently claimed theft of 4TB of Mercor data including candidate profiles, credentials, source code, and VPN access.

Full text

AI recruiting firm Mercor has disclosed impact from the recent LiteLLM supply chain attack, after extortionists claimed the theft of 4 terabytes of data. The LiteLLM incident occurred on March 27 and was the result of the Trivy supply chain attack that was mounted a week before. “We believe that the compromise originated from the Trivy dependency used in our CI/CD security scanning workflow,” LiteLLM notes in its description of the incident. Using a maintainer’s compromised credentials, the TeamPCP hacking group published two malicious LiteLLM PyPI package versions, namely 1.82.7 and 1.82.8, which were available for download for roughly 40 minutes. LiteLLM is estimated to be present in 36% of cloud environments, and while the exposure window appears small, the malicious package versions were likely automatically downloaded by thousands, including Mercor. “We recently identified that we were one of thousands of companies impacted by a supply chain attack involving LiteLLM,” the startup said on Wednesday.Advertisement. Scroll to continue reading. “Our security team moved promptly to contain and remediate the incident. We are conducting a thorough investigation supported by leading third-party forensics experts,” Mercor added. While the company has not shared details on the impact, the Lapsus$ extortion group listed Mercor on its leak site on Monday, claiming the theft of over 4TB of data. Lapsus$ is auctioning the information, which allegedly includes candidate profiles, personally identifiable information, employer data, user accounts and credentials, video interviews, proprietary information, source code, keys and secrets, and TailScale VPN data. TeamPCP was recently reported to have partnered with Lapsus$ to monetize the data and access obtained as part of its broad supply chain campaign, and it is no surprise that the extortion group has listed Mercor on its leak site. However, the company has yet to confirm Lapsus$ claims. SecurityWeek has emailed Mercor for a statement on the matter and will update this article if the company responds. Related: Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks Related: TeamPCP Moves From OSS to AWS Environments Related: Axios NPM Package Breached in North Korean Supply Chain Attack Related: Toy Giant Hasbro Hit by Cyberattack Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire US Charges Uranium Crypto Exchange HackerAxios NPM Package Breached in North Korean Supply Chain AttackTeamPCP Moves From OSS to AWS EnvironmentsCrewAI Vulnerabilities Expose Devices to HackingExploitation of Critical Fortinet FortiClient EMS Flaw BeginsStrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNsLloyds Data Security Incident Impacts 450,000 IndividualsHuskeys Emerges From Stealth With $8 Million in Funding Latest News 250,000 Affected by Data Breach at Nacogdoches Memorial HospitalSophisticated CrystalX RAT EmergesVariance Raises $21.5M for Compliance Investigation Platform Powered by AI AgentsLinx Security Raises $50 Million for Identity Security and GovernanceDepthfirst Raises $80 Million in Series B FundingToy Giant Hasbro Hit by CyberattackNew DeepLoad Malware Dropped in ClickFix AttacksExploited Zero-Day Among 21 Vulnerabilities Patched in Chrome Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MoveModerna has promoted Farzan Karimi to Deputy Chief Information Security Officer.Brian Goldfarb has been appointed Chief Marketing Officer at SentinelOne.Token has appointed Katy Nelson as Chief Revenue Officer.More People On The MoveExpert Insights The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — LiteLLM PyPI package v1.82.7
• malware — LiteLLM PyPI package v1.82.8

Entities