Wow, TeamPCP is hacking open-source developers faster than we can report on them. The latest (that I'm aware of, anyway) is LiteLLM. They worked with Trivy but didn't bother to change their credentials after Trivy was hacked, despite an ample amount of advice to do so.

Folks, if any of you used LiteLLM, now is the time to change your credentials, in an atomic way. Now, as in immediately.

https://news.ycombinator.com/item?id=47501729
LiteLLM Python package compromised by supply-chain attack | Hacker News

Ars Technica: Self-propagating malware poisons open source software and wipes Iran-based machines
Development houses: It's time to check your networks for infections.

@dangoodin I think it's "in an atomic way", meaning "rotate all credentials in one operation", so that attackers cannot use the still working creds to observe the new ones while they are being updated one after another.

And I agree, it's absolutely crazy right now.

@dubbel

Yes, you're right, of course. Rotating creds at an atomic level would be quite a thing, no?

@dangoodin this only affects the pip install, right?