Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation ...
SecurityWeek

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

The vulnerability allows attackers to read data from a LiteLLM proxy’s database and potentially modify it. A critical-severity vulnerability in the open source AI gateway LiteLLM was exploited days ...
Bleeping Computer

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. The flaw is an SQL ...
GitHub

LiteLLM Proxy Client

A Python client library for interacting with the LiteLLM proxy server. This client provides a clean, typed interface for managing models, keys, credentials, and making chat completions. The client ...
CNET

Why Use a Proxy Server? Benefits, Drawbacks and Common Use Cases

Joe Supan is a senior writer for CNET covering home technology, broadband, and moving. Prior to joining CNET, Joe led MyMove's moving coverage and reported on broadband policy, the digital divide, and ...
Fathom

GitHub - BerriAI/litellm: Python SDK, Proxy Server To Call 100+ LLM APIs Using The OpenAI Format ... [9dea13]

City: Irving, Laredo, Overland Park, Savannah, Washington Python SDK, turkey Proxy Server to call 100+ LLM APIs using the OpenAI format - [Bedrock, Azure, OpenAI, VertexAI, Cohere, Anthropic, ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental ...
SecurityWeek

Mercor Hit by LiteLLM Supply Chain Attack

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. AI recruiting firm Mercor has disclosed impact from the recent LiteLLM supply chain attack, ...
Neowin

Mercor says it is "one of thousands of companies" hit by the recent LiteLLM attack

A couple of days ago, a group of hackers known as TeamPCP pulled off a ballsy supply chain attack against a core piece of AI infrastructure. They targeted LiteLLM, a super popular open-source API ...
TechCrunch

Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project

Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open source project LiteLLM. The AI startup told TechCrunch on Tuesday that it ...