
Incident Report: LiteLLM/Telnyx supply-chain attacks, with guidance
5 days ago · Python Package Index shares insights and provides guidance following LiteLLM/Telnyx supply-chain attacks
Popular LiteLLM PyPI package backdoored to steal ... - BleepingComputer
Mar 24, 2026 · According to research by Endor Labs, threat actors compromised the project and published malicious versions of LiteLLM 1.82.7 and 1.82.8 to PyPI today that deploy an infostealer …
How a Poisoned Security Scanner Became the Key to Backdooring
On March 24, 2026, a threat actor known as TeamPCP published backdoored versions of the litellm Python package after stealing PyPI credentials via a compromised Trivy GitHub Action in LiteLLM's …
LiteLLM Supply Chain Attack: What Happened, Who’s Affected, and …
On March 24, 2026, litellm — the Python package that powers nearly every major AI agent framework — was hit by a supply chain attack. Two malicious versions (1.82.7 and 1.82.8) were published to PyPI …
Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack …
Mar 31, 2026 · The affected software also includes the official Python SDK of Telnyx. These ongoing supply chain attacks injected malicious infostealer payloads directly into GitHub Actions and Python …
PyPI Supply Chain Attack Compromises LiteLLM, Enabling the ... - InfoQ
Mar 31, 2026 · Discovered by FutureSearch researcher Callum McMahon, a supply chain attack against LiteLLM on PyPI resulted in over 40 thousand downloads of a compromised version that installed a …
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware …
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories.
ForceMemo: Hundreds of GitHub Python Repos Compromised via …
Mar 14, 2026 · The StepSecurity threat intelligence team has discovered an ongoing campaign in which an attacker is compromising hundreds of GitHub accounts and injecting identical malware into …
ForceMemo: Python Repositories Compromised in GlassWorm …
Mar 16, 2026 · Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
Supply chain attack poisons popular Python SDK on PyPI
2 days ago · A threat group’s supply-chain campaign has moved from security tools to a widely-used communications software development kit, with malicious Telnyx Python package releases on PyPI …