Vhs Lady

10.6K posts

@VhsLady
Joined September 2014
2.5K Following, 806 Followers
Matua Kahurangi
Matua Kahurangi@MatuaKahurangi·
The Greens and MPs like Tamatha Paul want to abolish prisons. That means rapists & sex offenders get released straight back into the community. Nothing screams "compassion" like turning your neighbourhood into a free-range rehabilitation centre for serious offenders. #nzpol
English
97
44
276
6.1K
Vhs Lady
Vhs Lady@VhsLady·
@MightyBuddha01 @IntCyberDigest This is not the way to go about it. That’s idiot mentality. They’ve committed multiple crimes and they will get caught. It’s just a matter of time.
English
1
0
0
43
Mighty Buddha
Mighty Buddha@MightyBuddha01·
@VhsLady @IntCyberDigest Who's glamorizing what exactly? Destruction of trust? Yeah, no kidding - you thought your data was safe, turns out it isn't. Hopelessly trusting is not a good thing either. The way to move forward is with more transparency, not less.
English
1
0
1
69
International Cyber Digest
International Cyber Digest@IntCyberDigest·
🚨‼️ We're in contact with the actor behind the Trivy and LiteLLM hack. They told us they are currently extorting several multi-billion-dollar companies from which they've exfiltrated data. They've obtained 300 GB of compressed credentials and are working their way through them as we speak. The LiteLLM compromise alone led to half a million stolen credentials, according to the threat actor. Their message to the world: "TeamPCP is here to stay. Long live the supply chain." They've sent us their new logo (see image) and also teamed up with several threat actors, including Xploiters and Vect.
International Cyber Digest tweet media
English
51
262
1.4K
162.2K
Vhs Lady
Vhs Lady@VhsLady·
@SocketSecurity Why are you quoting and agreeing with criminals? Doesn’t say much for the credibility of your brand.
English
0
0
0
185
Socket
Socket@SocketSecurity·
TeamPCP: "These companies were built to protect your supply chains yet they can't even protect their own, the state of modern security research is a joke, as a result we're gonna be around for a long time stealing terabytes of trade secrets with our new partners."
Socket@SocketSecurity

🚨 TeamPCP is systematically targeting security tools across the #OSS ecosystem, turning scanners and CI pipelines into infostealers. Attacks spreading fast across GitHub Actions, OpenVSX, and PyPI. Details → socket.dev/blog/teampcp-t…

English
5
29
180
25K
Vhs Lady
Vhs Lady@VhsLady·
@adnanthekhan Real downstream harm to real developers. The silver lining that Claude caught & refused the prompt injection attack is genuinely satisfying though. Bot tries to weaponize Claude, Claude writes a detailed forensic takedown of the attack instead. 🦞 gets cooked.
English
0
0
0
13
Vhs Lady
Vhs Lady@VhsLady·
@adnanthekhan It should be deleted. Dummies building the wrong things with AI. The audacity of putting “powered by claude-opus-4-5” while running active exploitation campaigns against Microsoft, CNCF projects, Aqua. Using AI branding as a credibility/intimidation flex is a new kind of scummy.
English
1
0
0
19
Adnan Khan
Adnan Khan@adnanthekhan·
In this whole #Trivy chaos, people seem to be incorrectly linking the hackerbot-claw event to the initial #Trivy extension compromise.
English
1
2
11
2.1K
Vhs Lady
Vhs Lady@VhsLady·
@karpathy It’s disgusting to see the absolute glee and glorification of the loser “teampcp” thieves coming out of Sec community today. Some literally laughing at the irony and misfortune.
English
0
0
0
22
Andrej Karpathy
Andrej Karpathy@karpathy·
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM PyPI release 1.82.8 has been compromised: it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to a remote server + self-replicate. link below

English
1.3K
5.4K
28K
65.9M
Tony/Humpty
Tony/Humpty@cyb3rjerry·
@vxunderground Nah I was happy to see it unfold at work. TeamPCP is funny and these attacks are lowkey fun to enjoy, you always learn with them. I'll take that over a user getting phished AGAIN any time of the day
English
3
0
15
3.6K
vx-underground
vx-underground@vxunderground·
Chat, I'll tell you one thing right now, this LiteLLM supply-chain attack is one big stinky mess. No information has been released publicly (yet) on vendors impacted, but the stink I've been sniffing suggests this is very serious shenanigans and DFIR nerds are not happy
English
29
62
1K
52.3K
Vhs Lady
Vhs Lady@VhsLady·
@adnanthekhan What a ….. and I do not say this lightly……:, fking degenerate c**t
English
1
0
3
1.1K
Adnan Khan
Adnan Khan@adnanthekhan·
The threat actor behind TeamPCP is calling it quits. The pace of work these days takes a toll on threat actors too.
Adnan Khan tweet media
English
21
24
256
36.9K
Vhs Lady
Vhs Lady@VhsLady·
@vxunderground It was only discovered cos they wrote sloppy code. It used so much RAM it crashed a dev’s PC: 1 dev using Cursor with an MCP plugin had litellm pulled in as a dependency, their machine crashed, & that crash saved 1000s of companies from getting their entire infrastructure stolen
English
0
0
0
174
vx-underground
vx-underground@vxunderground·
Whoa whoa whoa. Everyone CALM down for a second. Earlier today someone broke the news that there was a supply chain attack impacting LiteLLM which had over 97 MILLION installs. Initially it was reported the payload was vibe coded which resulted in the payload failing. HOWEVER, this has been determined to be NOT TRUE. The payload was a SUCCESS. The payload failed in specific edge cases (currently unknown). The Threat Actor(s) managed to exfiltrate data from 500,000 infected machines (approx. 300gb of data). I have confirmed this from three different sources. The initial news which is spreading all over social media is incorrect and this is actually a very big bamboozle. They had one shot, one opportunity, and did indeed seize it (but only failing in specific and unknown edge cases). It's all over for LLM-dependency nerds. Also, in a bit of irony, LiteLLM is SOC2 certified by Delve. This is very big shenanigans for a Tuesday.
vx-underground tweet media
English
53
202
2.5K
115.9K
Vhs Lady reposted
Vhs Lady
Vhs Lady@VhsLady·
@IntCyberDigest Stop glamorising these fkwits. wtf is wrong with all of you? these little shits just destroyed a whole bunch of businesses, & cost hard working people a fortune. Mindless brats. Not to mention the destruction of trust and the fking economic repercussions.
English
5
1
15
1.6K
TFTC
TFTC@TFTC21·
A hacker group just compromised one of the most widely used security scanners in the world, and used it to steal half a million credentials from companies that trusted it to keep them safe. On March 19, a threat actor group called TeamPCP injected credential-stealing malware into Trivy, a popular open-source vulnerability scanner maintained by Aqua Security. Trivy is used by thousands of companies to scan their code and infrastructure for security flaws. The attackers compromised 75 GitHub Action tags, the Trivy Docker images, and related CI/CD pipelines, meaning every company running automated security scans through Trivy was unknowingly executing the attackers' code. The malware harvested SSH keys, cloud credentials, Kubernetes secrets, cryptocurrency wallets, and .env files from every environment it touched. The stolen data was encrypted and exfiltrated to attacker-controlled servers. But the attack didn't stop there. Using credentials stolen from Trivy's CI/CD pipeline, TeamPCP then backdoored LiteLLM, a widely used Python framework for managing AI model APIs. Two malicious versions (1.82.7 and 1.82.8) were pushed to PyPI, the main Python package repository. The second version was designed to execute automatically on every Python process startup in the environment, no user interaction required. From there, it deployed privileged pods across entire Kubernetes clusters and installed persistent backdoors on every node. The attackers also pushed compromised Docker images of Trivy (versions 0.69.4, 0.69.5, 0.69.6) to Docker Hub and compromised dozens of npm packages with a self-spreading worm called CanisterWorm. They even defaced 44 internal Aqua Security repositories in a scripted 2-minute burst, renaming them all with "TeamPCP Owns Aqua Security." According to the International Cyber Digest, which is in direct contact with the attackers, TeamPCP claims to have exfiltrated 300 GB of compressed credentials and is actively working through them. 
The LiteLLM compromise alone reportedly yielded half a million stolen credentials. The group says it is currently extorting several multi-billion-dollar companies. Each compromised environment yielded credentials that unlocked the next target. The pivot from CI/CD pipelines to production Python packages running in Kubernetes clusters was deliberate escalation. Security researchers say this campaign is "almost certainly not over." This is what a modern supply chain attack looks like. The tools companies trust to secure their infrastructure become the attack vector. The irony is brutal, the security scanner was the vulnerability.
TFTC tweet media
English
32
203
701
73.6K
Vhs Lady
Vhs Lady@VhsLady·
@hnykda teampcp started with Trivy…
∙ Expanded to Checkmarx
∙ Now BerriAI/litellm
∙ Escalating campaign
∙ Sysdig documented them
∙ This is the same actor
English
0
0
0
178
Daniel Hnyk
Daniel Hnyk@hnykda·
LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM PyPI release 1.82.8 has been compromised: it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to a remote server + self-replicate. link below
English
306
2.3K
9.4K
5.6M
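The mechanism named in Daniel Hnyk's post (a `litellm_init.pth` file) and described in the TFTC post ("execute automatically on every Python process startup") is the same one: CPython's `site.py` reads every `*.pth` file in site-packages at interpreter start-up and `exec()`s any line that begins with `import `, so such a file runs before any script imports the package. The following is an added defender-side example, not code from any of the posters, from LiteLLM, Trivy or Aqua: it lists the `.pth` lines an interpreter would execute, flags common markers, and checks installed packages against a known-bad version set. The version set (`1.82.7`, `1.82.8` for `litellm`) is taken from the TFTC post; the marker list and the sample `.pth` files in `run_demo()` are constructed for illustration and contain no payload.

```python
"""Audit site-packages for executable .pth lines and known-bad package versions.

Added example (not from the posts above). Two checks a defender can run on a
developer machine or CI runner after a PyPI supply-chain incident:

1. ``site.py`` exec()s every line of a ``*.pth`` file that starts with
   ``import `` (or ``import\\t``); any other line is treated as a path entry.
   Listing those lines shows every package that runs code at interpreter start.
2. Compare installed distributions against a set of versions named as malicious.
"""
import site
import tempfile
from importlib import metadata
from pathlib import Path
from typing import Dict, List, Set

# Versions named on the page as compromised. Treat this as input data to be
# maintained from advisories, not as an authoritative list.
KNOWN_BAD: Dict[str, Set[str]] = {"litellm": {"1.82.7", "1.82.8"}}

# Substrings worth a second look in a start-up hook. Assumption: these are the
# markers a reviewer would check first; the list is illustrative, not complete.
MARKERS = ("base64", "exec(", "eval(", "compile(", "subprocess", "urllib",
           "socket", "os.system", "zlib")


def executable_pth_lines(pth_path: Path) -> List[dict]:
    """Return the lines of one .pth file that site.py would exec()."""
    findings = []
    text = pth_path.read_text(encoding="utf-8", errors="replace")
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        # Same test site.py applies: no lstrip, exact "import " / "import\t" prefix.
        if line.startswith(("import ", "import\t")):
            findings.append({
                "file": str(pth_path),
                "line": lineno,
                "text": line,
                "markers": [m for m in MARKERS if m in line],
            })
    return findings


def audit_pth_dirs(dirs: List[str]) -> List[dict]:
    """Scan every *.pth in the given directories for executable lines."""
    findings: List[dict] = []
    for d in dirs:
        path = Path(d)
        if not path.is_dir():
            continue
        for pth in sorted(path.glob("*.pth")):
            findings.extend(executable_pth_lines(pth))
    return findings


def default_site_dirs() -> List[str]:
    """The directories site.py actually processes for this interpreter."""
    dirs = list(site.getsitepackages())
    dirs.append(site.getusersitepackages())
    return dirs


def installed_versions(names: List[str]) -> Dict[str, str]:
    """Installed version of each named distribution (absent ones are skipped)."""
    found = {}
    for name in names:
        try:
            found[name] = metadata.version(name)
        except metadata.PackageNotFoundError:
            pass
    return found


def bad_installed_versions(installed: Dict[str, str],
                           known_bad: Dict[str, Set[str]] = KNOWN_BAD) -> Dict[str, str]:
    """Subset of `installed` whose version is in the known-bad set."""
    return {n: v for n, v in installed.items() if v in known_bad.get(n, set())}


def run_demo() -> List[dict]:
    """Build a constructed stand-in for site-packages and audit it.

    normal.pth holds only a path entry (never executed); sample_init.pth holds
    one harmless import line that exercises the 'base64' marker.
    """
    tmp = Path(tempfile.mkdtemp(prefix="pth-audit-"))
    (tmp / "normal.pth").write_text("/opt/example/src\n", encoding="utf-8")
    (tmp / "sample_init.pth").write_text(
        "import base64, sys  # constructed sample line, no payload\n", encoding="utf-8")
    return audit_pth_dirs([str(tmp)])


if __name__ == "__main__":
    for f in audit_pth_dirs(default_site_dirs()):
        flag = " <-- markers: " + ",".join(f["markers"]) if f["markers"] else ""
        print(f"{f['file']}:{f['line']}: {f['text']}{flag}")
    hits = bad_installed_versions(installed_versions(list(KNOWN_BAD)))
    for name, ver in hits.items():
        print(f"KNOWN-BAD VERSION INSTALLED: {name}=={ver}")
    print("demo findings:", run_demo())
```

Run it as `python pth_audit.py` in each virtual environment you care about (every environment has its own site-packages, so a clean global interpreter says nothing about a project venv). Legitimate packages do ship executable `.pth` lines (editable installs and some import hooks), so the output is a review list rather than a verdict; the useful signal is a start-up hook that appeared with a package update and decodes or fetches something at import time.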
Vhs Lady
Vhs Lady@VhsLady·
@simonw Bots drowning out the warnings in realtime.
English
0
0
1
232
Vhs Lady
Vhs Lady@VhsLady·
@simonw teampcp started with Trivy…
∙ Expanded to Checkmarx
∙ Now BerriAI/litellm
∙ Escalating campaign
∙ Sysdig documented them
∙ This is the same actor
English
0
0
0
202
martinuke0
martinuke0@martinuke0·
@hnykda they're having the time of their lives lmao
martinuke0 tweet media
English
2
1
35
10.7K
Kentucky Girl
Kentucky Girl@Notwokenow·
“When ICE comes to town…..get a sniper and shoot….blow their f’ing faces off….watch them f’ing drown in their own bl00d…”
English
2.2K
1.9K
2.2K
288.5K
KJ
KJ@goingbykate·
i'll never forget when brooke van velden likened beneficiaries to stubborn, thick, lazy donkeys and cast herself as the donkey driver waggling a carrot around to incentivise them to work.
English
29
30
212
6K