LiteLLM Got Backdoored: Full Technical Breakdown, Incident Response, and Why Self-Hosted LLM Proxies Are a Liability
On March 24, 2026, two malicious versions of LiteLLM landed on PyPI. Versions 1.82.7 and 1.82.8, published by a threat actor called TeamPCP, contained a three-stage payload that harvested SSH keys, cl
litellmtechnicalbreakdown.hashnode.dev11 min read