Wow, TeamPCP is hacking open-source developers faster than we can report on them. The latest (that I'm aware of, anyway) is LiteLLM. They worked with Trivy but didn't bother to change their credentials after Trivy was hacked, despite an ample amount of advice to do so.

Folks, if any of you used LiteLLM, now is the time to change your credentials, in an atomic way. Now, as in immediately.

https://news.ycombinator.com/item?id=47501729