THREATOPS
THREAT OPSThreat News › LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign

LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign

infodatadog_seclabsPublished 2026-03-24

On March 24 and 27, 2026, malicious PyPI releases of LiteLLM and Telnyx were published as part of the TeamPCP supply chain campaign. We trace the full campaign from Trivy through npm, Checkmarx, and into PyPI.

Original source: https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/