TeamPCP, tracked as UNC6780 by Google's Threat Intelligence Group, ran three coordinated supply chain campaigns in 2026 — poisoning Trivy, LiteLLM, and 170+ npm/PyPI packages — culminating in the theft of 3,800 GitHub internal repositories.
TeamPCP, tracked as UNC6780 by Google's Threat Intelligence Group, ran three coordinated supply chain campaigns in 2026 — poisoning Trivy, LiteLLM, and 170+ npm/PyPI packages — culminating in the theft of 3,800 GitHub internal repositories.
Zenity Labs has documented attackers exploiting unpatched LiteLLM vulnerabilities and unauthenticated Ollama endpoints to run autonomous pentesting campaigns, steal compute, and exfiltrate data from victim organisations.
A new critical authentication bypass in LiteLLM lets attackers manipulate the HTTP Host header to access protected management endpoints without credentials. Fixed in version 1.84.0, disclosed June 17.
CISA added CVE-2026-42271 to KEV after Horizon3.ai chained the LiteLLM MCP command injection flaw with a Starlette auth bypass for unauthenticated RCE. Federal deadline: June 22.