TGTGInsighttelegram intelligenceLIVE / telegram public index
← The Hacker News
View original
The Hacker News avatar

TGINSIGHT POST

Post #8667

@thehackernews

The Hacker News

Views9,830Post view count
PostedMar 2403/24/2026, 06:31 PM
Post content

Post content

πŸ›‘ Malicious LiteLLM versions 1.82.7–1.82.8 deploy credential theft, Kubernetes lateral movement, and a persistent backdoor. Linked to the Trivy CI/CD compromise, the payload runs on import or via .pth at Python startup, spreads across nodes, and installs a systemd service. πŸ”— Full story β†’ https://thehackernews.com/2026/03/teampcp-backdoors-litellm-versions.html