When Trusted Packages Turn Hostile: Cascading Supply Chain Attacks
TeamPCP compromises legitimate packages and cascades through the supply chain via stolen credentials. Why this attack pattern evades detection.
#litellm
2 articles with this tag.
LiteLLM's PyPI Backdoor: What It Means for the AI Skill Supply Chain
Attackers injected a credential stealer into litellm (95M downloads) via compromised CI/CD. What happened and why AI skills face the same threat.