← Back to Blog
Security Briefing 11 min read March 25, 2026

LiteLLM Supply-Chain Backdoor Steals Credentials, FCC Bans Foreign Routers, HackerOne & Dutch Ministry Breached

TeamPCP compromises the popular LiteLLM AI proxy package with a three-stage credential harvester, Kubernetes lateral movement toolkit, and persistent systemd backdoor. The FCC bans all consumer routers made outside the US. HackerOne discloses employee data breach via third-party Navia hack. Dutch Ministry of Finance confirms breach affecting employees. PTC warns of critical Windchill RCE under imminent exploitation threat.


1. TeamPCP Backdoors LiteLLM AI Proxy Package — Three-Stage Attack Chain

⚠️ CRITICAL — Popular AI Infrastructure Package Compromised via Trivy CI/CD Chain

LiteLLM versions 1.82.7 and 1.82.8 on PyPI were compromised by TeamPCP with a multi-stage payload that harvests credentials, moves laterally through Kubernetes clusters, and establishes persistent backdoors.

The TeamPCP threat group — already responsible for the Trivy and KICS compromises — has now hit LiteLLM, one of the most widely used Python packages for routing LLM API calls across providers. The compromise was likely enabled through LiteLLM's use of Trivy in its CI/CD pipeline, creating a cascading supply-chain attack.

The malicious payload executes a three-stage attack:

Why This Is Especially Dangerous

LiteLLM sits at the heart of AI infrastructure — it's the gateway between applications and LLM providers like OpenAI, Anthropic, and Azure. Compromising LiteLLM means attackers potentially gain access to API keys for every LLM provider an organization uses, plus the sensitive data flowing through those API calls. Organizations running LiteLLM in Kubernetes environments face the additional risk of full cluster compromise.

Both malicious versions have been removed from PyPI, but any system that installed them between publication and removal may be compromised.

Immediate Actions


2. FCC Bans All Consumer Routers Made Outside the United States

⚠️ CRITICAL — Sweeping Hardware Security Regulation Takes Effect

The Federal Communications Commission has updated its Covered List to ban all consumer routers manufactured in foreign countries from sale in the US, citing persistent state-sponsored supply-chain threats.

In one of the most aggressive hardware security actions ever taken by a US regulator, the FCC has effectively banned the sale of new consumer routers made outside the United States. The updated Covered List now includes all consumer routing equipment manufactured in foreign countries, regardless of the brand selling it.

The decision follows years of escalating concerns about state-sponsored backdoors in networking equipment:

Global Implications

While this is a US-specific action, it signals a broader trend toward hardware sovereignty in cybersecurity. The EU's Cyber Resilience Act (CRA) takes a different approach — rather than banning foreign hardware, it mandates security requirements for all connected devices sold in the EU. Both approaches reflect the same underlying reality: the network perimeter starts at the router, and trusting opaque foreign supply chains is no longer acceptable.

For EU organizations subject to NIS2, this is a reminder to audit your network hardware supply chain. Even if the EU doesn't ban foreign routers outright, NIS2 Article 21 supply-chain security requirements mean you need to demonstrate due diligence on the hardware securing your network boundaries.


3. HackerOne Discloses Employee Data Breach After Navia Benefits Hack

🔶 HIGH — Bug Bounty Platform's Employee Data Stolen Through Third-Party Benefits Provider

HackerOne is notifying hundreds of employees that their personal data was stolen after attackers compromised Navia, one of its US benefits administrators.

HackerOne, the world's largest bug bounty platform, has disclosed that employee personal information was compromised through a breach of Navia, a third-party benefits administrator. The irony is not lost on the security community — an organization at the center of vulnerability disclosure is itself a victim of the third-party supply-chain risk it helps others mitigate.

The compromised data reportedly includes:

The Third-Party Risk Lesson

This breach perfectly illustrates why NIS2 Article 21(2)(d) mandates supply-chain security management. HackerOne's own security posture is strong — they are, after all, the platform where researchers report vulnerabilities in other organizations. But their employees' data was compromised through a benefits provider they likely had limited visibility into. No organization is stronger than its weakest vendor.

Immediate Actions


4. Dutch Ministry of Finance Discloses Breach Affecting Employees

🔶 HIGH — EU Government Ministry Confirms Security Incident

The Dutch Ministry of Finance has disclosed a security breach that compromised employee information, the latest in a growing list of European government agencies targeted by threat actors.

The Netherlands Ministry of Finance has confirmed a breach affecting its employees, though details about the attack vector and scope remain limited. This comes at a particularly sensitive time as the Netherlands has been one of the more aggressive EU member states in implementing NIS2 and pushing for stronger government cybersecurity standards.

The breach follows a pattern of EU government institutions being targeted in 2026:

NIS2 Relevance

Government entities are squarely within NIS2 scope. The Dutch government has been a vocal proponent of the directive — this breach underscores that even well-resourced government agencies face persistent threats. The incident will likely accelerate the Netherlands' already-aggressive NIS2 implementation timeline and may influence how other member states approach government sector compliance.


5. PTC Warns of Critical Windchill & FlexPLM RCE Under Imminent Threat

⚠️ CRITICAL — Enterprise PLM Platforms Vulnerable to Remote Code Execution

PTC Inc. has issued an urgent advisory for a critical RCE vulnerability in Windchill and FlexPLM product lifecycle management systems, warning that exploitation is imminent.

PTC Windchill and FlexPLM are enterprise product lifecycle management (PLM) platforms used by major manufacturers and defense contractors worldwide to manage product designs, engineering data, and supply-chain documentation. A critical remote code execution vulnerability now threatens these environments.

PTC's use of the word "imminent" in their advisory is notable — it suggests either active exploitation attempts have been detected or proof-of-concept code is circulating. For organizations in manufacturing, aerospace, defense, and automotive, this is an emergency patch situation.

Why PLM Systems Are High-Value Targets

Immediate Actions


6. Infinite Campus Warns of Breach After ShinyHunters Claims Data Theft

🔶 HIGH — K-12 Student Information System Compromised

Infinite Campus, used by thousands of US school districts to manage student data, is warning customers of a breach after threat group ShinyHunters claims to have stolen student and family records.

Infinite Campus is one of the most widely used student information systems (SIS) in the United States, managing records for millions of K-12 students including grades, attendance, health records, disciplinary records, and family contact information. The ShinyHunters group — known for high-profile breaches including Ticketmaster, AT&T, and Santander — is claiming responsibility.

Student data is particularly sensitive because:

Immediate Actions


7. Yanluowang Ransomware Access Broker Sentenced to 81 Months

Law Enforcement Win: A Russian national has been sentenced to 81 months (nearly 7 years) in US federal prison for acting as an initial access broker (IAB) for the Yanluowang ransomware group. The sentencing reinforces that the US Department of Justice is successfully pursuing the full ransomware ecosystem — not just the operators deploying ransomware, but the brokers who sell initial access, the affiliates who conduct intrusions, and the money launderers who process payments.

The Yanluowang group gained notoriety for attacking Cisco in 2022 and has targeted enterprises across finance, manufacturing, and technology. This sentencing is part of a broader trend of increasing legal consequences for ransomware participants, which is slowly shifting the risk calculus for cybercriminals.


8. Fake Resume Phishing Campaign Targets French-Speaking Enterprises

🔶 HIGH — FAUX#ELEVATE Campaign Combines Credential Theft, Data Exfiltration, and Cryptomining

An ongoing phishing campaign delivers highly obfuscated VBScript files disguised as CVs/resumes to French-speaking corporate environments, deploying a multi-purpose toolkit.

Securonix researchers have uncovered the FAUX#ELEVATE campaign, which targets French-speaking organizations with fake resume documents that deploy a triple-threat payload combining credential theft, data exfiltration, and Monero mining. The campaign is notable for its abuse of legitimate services:

For DACH Organizations

While this campaign currently targets French-speaking environments, similar campaigns targeting German-speaking organizations are likely. HR departments processing applications in multiple languages should be especially vigilant. The attack pattern — weaponized documents sent as job applications — is a well-known vector that consistently succeeds because HR teams must open attachments from unknown senders.

Immediate Actions


Today's Threat Landscape Summary

Threat Severity Type Action Required
LiteLLM Supply-Chain Backdoor CRITICAL Supply Chain Check versions, rotate credentials
FCC Foreign Router Ban CRITICAL Regulation Audit network hardware supply chain
PTC Windchill/FlexPLM RCE CRITICAL Vulnerability Emergency patch immediately
HackerOne/Navia Breach HIGH Data Breach Contact Navia, audit vendor PII
Dutch Ministry Breach HIGH Data Breach Monitor for follow-on attacks
Infinite Campus / ShinyHunters HIGH Data Breach Contact vendor, freeze student credit
FAUX#ELEVATE Resume Phishing HIGH Phishing Block VBScript, sandbox HR attachments
Yanluowang IAB Sentenced INFO Law Enforcement Awareness — deterrence signal

Is Your AI Infrastructure Secure from Supply-Chain Attacks?

Today's LiteLLM backdoor shows that AI tooling is the new frontline. KENSAI scans your web applications, APIs, and infrastructure for vulnerabilities before attackers find them.

Start Your Free Security Scan →

Published by the KENSAI Threat Intelligence Team · March 25, 2026

Stay informed. Stay protected. Read more briefings →

Related Articles

Microsoft Patch Tuesday 84 Falhas DarkSword iOS间谍软件泄露至GitHub威胁数亿设备,VoidStealer绕过Chrome加密,Railway AI钓鱼攻击波及数百组织 Gefälschte VS-Code-Warnungen greifen GitHub an, Niederländische Polizei gehackt,