The LiteLLM supply chain attack is big shenanigans. I have to explain the whole thingie though so...

Summary

A supply chain attack has targeted LiteLLM, an open-source library for language model API abstraction. The threat actor TeamPCP is suspected of conducting the attack with significant scope and intent. The incident highlights ongoing risks to widely-used open-source dependencies in the AI/ML ecosystem.

Indicators of Compromise

• malware — TeamPCP