Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data.
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, ...
GitHub

revenium/revenium-middleware-litellm-proxy-python

A professional-grade Python middleware that seamlessly integrates with LiteLLM to provide automatic usage tracking, billing analytics, and comprehensive metadata collection. Features drop-in ...
GitHub

[Feature]: FIPS compliance of LiteLLM Proxy

LiteLLM proxy is using pynacl which is bound to libsodium library, which is not FIPS certified, so pynacl is not FIPS compliant. This prevents LiteLLM proxy from being used in environment that needs ...
VentureBeat

TensorZero nabs $7.3M seed to solve the messy world of enterprise LLM development

TensorZero, a startup building open-source infrastructure for large language model applications, announced Monday it has raised $7.3 million in seed funding led by FirstMark, with participation from ...