Search

Zulfikar Ramzan (He / Him)
Zulfikar Ramzan (He / Him) @Zulfikar_Ramzan ·
#TeamPCP isn't slowing down. First #Trivy and #LiteLLM, and now the official #telnyx SDK has been hit with a zero-day that hides its payload inside valid .wav audio frames. 🔇 This confirms my fear: we are in a high-velocity campaign where legacy CVE scanners are fundamentally blind. Practices like version pinning are a critical baseline, but they're an imperfect shield when the threat actors are weaponizing the very context of the packages we trust. We built wtmp to be a flashlight in this pitch-black room. It doesn't just check for "known bad" signatures—it uses LLM analysis to flag nefarious indicators like steganography and unauthorized exfil before they execute. If you’re triaging your environments today, you can grab the CLI and scan your tree here:point-wild.github.io/who-touched-my…z
108
SANS Cloud Security
SANS Cloud Security @SANSCloudSec ·
A security scanner was weaponized. #TeamPCP turned 1 token into a multi-ecosystem breach: CI/CD → npm → Docker → GitHub → AI Fix now: ✔️ Pin SHAs ✔️ Audit workflows ✔️ Rotate secrets Modern supply chain attacks are here. 👉 Read the blog:go.sans.org/NSTmlidE
275
SANS Institute
SANS Institute @SANSInstitute ·
A security scanner was weaponized. #TeamPCP turned 1 token into a multi-ecosystem breach: CI/CD → npm → Docker → GitHub → AI Fix now: ✔️ Pin SHAs ✔️ Audit workflows ✔️ Rotate secrets Modern supply chain attacks are here. 👉 Read the blog:go.sans.org/NSTmlitN
3
1.1K
Hunt.io
Hunt.io @Huntio ·
🚨NEW RESEARCH: 33K Exposed LiteLLM Instances, Two C2 Frameworks, One Trojanized PyPI Package On March 24, #TeamPCP trojanized #LiteLLM on PyPI. We're talking about a package with 97 million monthly downloads that acts as a centralized proxy for LLM API keys. One pip install, SSH keys, K8s tokens, and database passwords in a single pass. This is what we found: - 33,688 internet-facing LiteLLM deployments found at scan time -Credential harvesting across 15+ categories: AWS keys, crypto wallets, CI/CD secrets, TLS keys, and more -K8s escalation from a single pod to privileged containers on every node -Dual C2 running AdaptixC2 and Havoc simultaneously for redundancy -Certificate pivoting via certificate reuse uncovered a third server tied to the exfil domain Full teardown with IOCs and HuntSQL queries �hunt.io/blog/33k-expos…3s
11
2.6K
Nextron Research ⚡️
Nextron Research ⚡️ @nextronresearch ·
The #TeamPCP campaign continues. The telnyx #PyPI package (versions 4.87.1 & 4.87.2) with ~1M monthly downloads was compromised. What's new this time: WAV steganography. The payload hides an XOR-obfuscated binary inside audio frames, downloads it from C2 at import time, and persuild.exe in Startup. Linux/macOS gets a credential harvester with AES-256 + RSA encryption. The attackers even pushed a bugfix release (4.87.2) within hours of 4.87.1 failing due to a casing error. Operational iteration, live. A good reminder of why writing detections around behavioral patterns rather than point-in-time indicators matters. Generic rules from years back still hold against new techniques. Rune AI, our internal LLM analysis layer, surfaces the same verdict for efficient triage. IOCs & analysis: socket.dev/blog/telnyx-py… aikido.dev/blog/telnyx-py…
2
39
9.2K
NSFOCUS
NSFOCUS @NSFOCUS_Intl ·
🚨 Critical Alert: #LiteLLM Supply Chain Poisoning! #TeamPCP hacked into security scanning tool #Trivy, the attackers stole publishing credentials to release malicious versions directly to #𝗣���nsfocusglobal.com/ai-infrastruct…TLaLO
AI Infrastructure LiteLLM Supply Chain Poisoning Alert - NSFOCUS, Inc., a global network and cyber...

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had...

From nsfocusglobal.com
1
185
ThreadLinqs
ThreadLinqs @threadlinqs ·
#TeamPCP just partnered with #Vect ransomware. The same group that backdoored $Trivy, hijacked Checkmarx KICS, and trojanized #LiteLLM on PyPI — a package pulled 3.4M times per day — is now feeding 300GB of stolen credentials into a ransomware-as-a-service pipeline. 80-88% tors. We tracked the full campaign across 7 threats on Threadlinqs Intelligence: → .pth file persistence that survives pip uninstall and runs on every Python invocation → 332-line credential harvester sweeping AWS, GCP, Azure, K8s, SSH, npm tokens → Kubernetes lateral movement via privileged pods in kube-system → CanisterWorm — a self-replicating npm worm using blockchain (ICP) as C2 → 60,000+ compromised servers. 85 MITRE techniques. 63 detections written. The IOC correlation alone tells the story — scan.aquasecurtiy.org (the typosquatted domain) links all 7 campaign phases. Same RSA-4096 key. Same tpcp.tar.gz naming. Same kill-switch logic. Full deep dive with enriched IOCs, detection rules (SPL/KQL/Sigma): threadlinqs.com/blog/TL-2026-0…
105