When Security Tools Turn Against You: The LiteLLM & Trivy Breach

SUPPLY CHAIN ATTACK ALERT
LiteLLM & Trivy Compromised (CVE-2026-33634)
Severity: CRITICAL | March 25, 2026

Your AI & Security Stack May Be Exposed

A major supply chain attack has compromised LiteLLM and Trivy, putting thousands of organizations at risk of credential theft and data exfiltration. Immediate action is required.


What Happened

Between March 19 and 24, 2026, TeamPCP infiltrated Trivy and used stolen credentials to breach LiteLLM (~95M monthly downloads).
Both tools were weaponized to silently harvest sensitive data from developer and CI/CD environments.


What’s at Risk

Assume exposure of:

  • SSH keys
  • Cloud credentials (AWS, GCP, Azure)
  • Kubernetes secrets
  • CI/CD tokens
  • Crypto wallets

Why It Matters

This is a cascading supply chain attack:

  • Trusted tools became attack vectors
  • Security software was weaponized
  • AI infrastructure was used as a secondary infection path

Your organization could be leaking secrets right now.


Act Now

  • Revoke & rotate all CI/CD credentials
  • Audit systems running Trivy or LiteLLM (Mar 19–24)
  • Check for suspicious outbound traffic
  • Rebuild compromised environments
  • Verify dependencies & lockfiles
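
For the audit step above, one way to triage hosts and unpacked images is sketched below. This is an added example, not code from the advisory or from either project: it walks the given directories, lists LiteLLM `dist-info` directories and Trivy binaries, and flags those written inside the March 19 to 24 window. Treating file modification time as install time, reading the window as whole UTC days, and the `audit`/`classify` names are assumptions of this sketch; affected versions are not listed on this page, so the reported version still has to be compared against the full advisory.

```python
import os
import sys
from datetime import datetime, timezone
from pathlib import Path

# Window from the alert (Mar 19-24, 2026), read here as whole UTC days (assumption).
WINDOW_START = datetime(2026, 3, 19, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 3, 25, tzinfo=timezone.utc)  # exclusive upper bound


def classify(path):
    """Return (tool, version) for an install artifact, or None."""
    name = path.name.lower()
    if path.is_dir() and name.startswith("litellm-") and name.endswith(".dist-info"):
        return "litellm", name[len("litellm-"):-len(".dist-info")]
    if path.is_file() and name in ("trivy", "trivy.exe"):
        return "trivy", "unknown"  # the binary's file name carries no version
    return None


def audit(roots):
    """Walk each root and list LiteLLM/Trivy artifacts with an in-window flag."""
    findings = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            for entry in dirnames + filenames:
                path = Path(dirpath, entry)
                hit = classify(path)
                if hit is None:
                    continue
                # mtime approximates install time; it is a triage hint, not proof.
                written = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
                findings.append({
                    "tool": hit[0],
                    "version": hit[1],
                    "path": str(path),
                    "written": written.isoformat(),
                    "in_window": WINDOW_START <= written < WINDOW_END,
                })
    # In-window hits sort first so they are reviewed first.
    return sorted(findings, key=lambda f: (not f["in_window"], f["path"]))


if __name__ == "__main__":
    for f in audit(sys.argv[1:] or ["."]):
        flag = "REVIEW" if f["in_window"] else "listed"
        print(f'{flag:6} {f["tool"]:8} {f["version"]:12} {f["written"]} {f["path"]}')
```

An artifact outside the window is not cleared by this check: timestamps can be rewritten, and CI runners that pulled either tool during the window may no longer exist on disk.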

Get the Full Report

Download the complete advisory for IOCs, affected versions, and a full remediation checklist.