Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

mend

Famous Telnyx Pypi Package compromised by TeamPCP

Mar 27, 2026 By Tom Abai In Mend
Part 1 covered CanisterWorm, the self-spreading npm worm. Part 2 covered the malicious LiteLLM package and its.pth persistence. This post covers the third wave: a compromised telnyxPyPI package that hides its payload inside audio files and delivers entirely different malware depending on the victim’s operating system.
Read Post

Trivy/LiteLLM Breach: How to Identify Your Exposure and Contain It - 20-min Live Demo

Mar 27, 2026 By GitGuardian In GitGuardian
In this 20-minute live demo with Eric Fourrier (CEO and Founder of GitGuardian), Guillaume Valadon (Staff Cybersecurity Researcher at GitGuardian), & Dwayne McDaniel (Principal Developer Advocate at GitGuardian), you'll see how to determine if your machines were compromised by the ongoing Trivy and LiteLLM supply chain attack (attributed to TeamPCP), then scan for exposed secrets and get moving on remediation - step by step.
View Video

Understanding Malicious Packages in Modern Software Supply Chains

Mar 26, 2026 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video
The Hidden Costs Of Not Using Cloud Technology

The Hidden Costs Of Not Using Cloud Technology

Mar 26, 2026 By SecuritySenses In SecuritySenses
Business owners often stick to familiar routines - even when those habits drain the company bank account. Holding onto physical servers feels safe until the hidden bills for maintenance and repairs start piling up. These expenses act like a slow leak in your budget - slowly draining resources that could go toward growth. Many leaders overlook the subtle drains on their budget when they avoid modern systems. Shifting away from physical setups reveals expenses that were hiding in plain sight for years. Taking the step toward better systems is the only way to protect your long-term profits.
Read Post
certkit

CertKit Keystore: Private keys that never leave your infrastructure

Mar 25, 2026 By Todd H. Gardner In CertKit
When you use CertKit, your private keys live in CertKit’s database, encrypted at rest. We’ve written about why the actual risk is smaller than it sounds. But some organizations have policies that prohibit storing private keys with any third party, regardless of how they’re protected. That policy isn’t going away. The Local Keystore enables those organizations to use CertKit and still keep their keys local.
Read Post
jfrog

Stop Policies From Breaking Your Builds

Mar 25, 2026 By Jacqueline Basil In JFrog
Security policies exist to protect your software supply chain. So why do they keep breaking your builds? This is the unspoken frustration inside most DevOps and security teams today. Supply chain attacks drove 30% of external breaches in 2025. So your security team did the right thing. They added policies to flag packages that are too new, unproven, or missing from the organization’s approved package list.
Read Post
Teleport Ranked Number 9 in Security on Fast Company's 2026 List of World's Most Innovative Companies

Teleport Ranked Number 9 in Security on Fast Company's 2026 List of World's Most Innovative Companies

Mar 24, 2026 By Teleport In Teleport
Teleport's Infrastructure Identity platform eliminates identity fragmentation and credential sprawl, reducing infrastructure complexity and risk and laying the foundation required to control agentic AI.
Read Post
mend

TeamPCP Supply Chain Attack Part 2: LiteLLM PyPI Credential Stealer

Mar 24, 2026 By Tom Abai In Mend
Part 1 covered CanisterWorm, the self-spreading npm worm. This post covers the next wave: a malicious LiteLLM PyPI package carrying the most capable credential stealer TeamPCP has deployed yet. On March 24, 2026, two versions of litellm, one of the most widely used Python libraries for working with AI language model APIs, were published to PyPI carrying a hidden credential stealer. Versions 1.82.7 and 1.82.8 never appeared on the official LiteLLM GitHub repository.
Read Post
armo

The Library That Holds All Your AI Keys Was Just Backdoored: The LiteLLM Supply Chain Compromise

Mar 24, 2026 By Ben Hirschberg In ARMO
We just published a deep breakdown of the Trivy supply chain attacks yesterday. Twenty-four hours later, we’re writing about the next one. Same threat actor. Different target. Worse implications. This time it’s LiteLLM, the Python library that acts as a universal API gateway for over 100 LLM providers. If you’re building anything with AI agents, MCP servers, or LLM orchestration, there’s a good chance LiteLLM is somewhere in your dependency tree.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.